Key to symbols used in this book

Organisation network
FDDI concentrator
Ethernet network
Mainframe/minicomputer system
Communications link
The Internet
ATM cellplex
Server
Tablet PC
Firewall
Router
PC
Personal digital assistant (PDA)
Laptop computer

Symbols courtesy of Cisco Networking Academy
Chapter 1

Introduction to networks

Chapter summary

This chapter provides an introduction to computer networks and networking. When
studying computer networking, it is important to understand that it has evolved
and will continue to evolve. As new technologies become available, the uses to
which that technology is being put (and can be put) will also evolve. A computer
network can be categorised according to the geographical area it covers as well as
by the type of access it provides to the outside world.

Learning outcomes 

After studying this chapter you should aim to test your achievement of the following
outcomes. You should be able to:

Outcome 1: Evolution of networks

Understand the way in which computer networks have evolved and the principal
stages of this evolution. Question 1 at the end of this chapter will test your ability
to do this.

Outcome 2: Two main types of networked computing

Understand the two main categories of computer networking and be able to
describe the differences. Question 2 at the end of this chapter will test your ability
to do this.

Outcome 3: Network categories

Understand and be able to describe what is meant by the terms LAN, WAN, MAN,
PAN, VAN, VLAN, VPN, VoIP, intranet, Internet and extranet. Question 3 at the end
of this chapter will test your ability to do this.

How will you be assessed on this?

Assessors want you to demonstrate your knowledge; they don't want you to
regurgitate the contents of a book. By understanding networks and their evolution
you will be better placed to demonstrate your knowledge. The subject matter of
this chapter could be assessed on its own (see the end of chapter questions) or it
could be linked with the answer to another question.

Diagrams, diagrams, and diagrams! Computer networking is complex and becomes
even more complex the more we study it. One of the key ways of picking up marks
and saving time in assessments is to use diagrams. 'A diagram in networking is
worth a thousand words'. Diagrams aren't particularly difficult to memorise and
will impress the assessor with your command of the subject.
Section 1: The evolution of computer networks

Computer networks have been evolving …

What are computer networks?

… between two or more interconnected devices (or points/nodes).


Early computer systems

The earliest computer systems usually comprised a mainframe computer that had little,
or no, interaction with other machines (Figure 1.1). The costs involved were huge and so
the time spent working on the machines was extremely limited. However, the processing
power of these machines was low (probably not more than the equivalent of today's
digital watch). Programmers wrote their programs whilst data-input clerks produced
punched cards or paper tape holding the data to be input into the machine. These
tapes were then taken to the machine room, where the computer was housed, were
fed in, processed and the results printed out.


.- — 
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Figure 1.1: Early computer systems 
(diagram courtesy of Prof. J. Tail, University of Sunderland) 

These early computer systems had enormous benefits for those who were amongst the
first to use them. Programs and data had to be put on to punched cards or paper tape
and fed in by the computer operators for execution. Compilation and logic errors were
reported as the result of the batch, and the programmers had to work 'offline' on these
error messages, amending the punched cards and often rekeying the batch. Today,
editing and recompiling are done online, and the programmer's time is used more
efficiently. It was not long, therefore, before the demand grew for more interaction
with the computer.
Local interactive terminals

As computer systems developed, their processing power increased and they were given 
secondary storage (tapes, disks). In terms of networks this phase of development was 
important. Although early computers had a main console, terminals were now attached 
to computer systems for the first time. Often in the form of a teletype (a combined 
printer and typewriter), these terminals enabled users to interact with the computer. 
The terminals were connected directly to the computer and were in the same area of 
the building as the mainframe computer (Figure 1.2). These links were nearly always 
made using serial lines (RS232), which meant a limited distance (typically a maximum 
of 15 m or 45 ft) and limited speed but none the less, they heralded the first computer 
network. Interactive computing was born and programmers could now edit, compile 
and execute their code online. 



Figure 1.2: Local interactive terminals 
(diagram courtesy of Prof. J. Tait, University of Sunderland) 

A further important advance occurred in the operating system. Previously, operating
systems would typically only support one user and one task (single user, single tasking).
Now the operating system had to support multiple users and multiple tasks (multi-user,
multitasking). (A full discussion of the types of operating systems can be found in
Chapter 8.)



Local users could now edit and control the running of their own programs. 


Remote access 

As the concept of interactive computing became more widely known, people in other
buildings and at other sites also wanted to gain access to the computers. A method
was developed to support this - terminals were connected via modems (modulator/
demodulators) and telephone lines (Figure 1.3). These allowed the use of normal dial-up
telephone lines as simple (unfortunately, though, slow and unreliable), long-distance
computer connections.

Just as they are today, modems were used to connect the terminals and remote
computer systems to a telephone line, carrying the data over a line designed to carry
voice traffic. Hence, the modem carried out a digital-to-analogue conversion. The speed
of these modems was about 300 bits per second (bps), compared with today's typical
speeds of 56,000 bps. However, the volume of data transmitted was not great, as these
devices worked only in characters.









Figure 1.3: Remote modem connections
(diagram courtesy of Prof. J. Tait, University of Sunderland)
(labels in the diagram: Modem, Telephone exchange, Modem)
By the middle to late 1970s …
In Figure 1.5 there are two terminals connected to a multiplexor. As the multiplexor is a simple
Time Division Multiplexor (TDM) it will share the time slot (e.g. 1 second) between the
two terminals in short bursts. Therefore each terminal will get half the time slot in this
instance, half a second each. The multiplexors at each end of the line are synchronised
with each other, ensuring that the correct data is passed down the correct time slot.

In practice, eight terminals would typically be linked through a multiplexor. This
arrangement was common up until the mid-1990s.
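The time-slot sharing just described, as an added example in Python (not part of the book): one multiplexor interleaves the terminals' characters into fixed slots, the multiplexor at the far end hands each slot back to its terminal, and a `slip` parameter shows why the two ends must stay synchronised. The terminal streams, the fill character and the eight-terminal case are constructed assumptions for this example.

```python
"""Time Division Multiplexing over a leased line, as in the Figure 1.5 arrangement.

Added illustration, not the book's own code. Constructed assumptions: each
terminal offers a stream of characters, a frame carries one character slot per
terminal, and the multiplexor at the far end hands slot i back to terminal i.
A frame is sent on every tick whether or not a terminal has data, so idle
slots are padded with a fill character; the line shares its time slot between
the terminals in fixed turns, exactly as the text describes.
"""
from typing import Dict, List

IDLE = "\x00"  # fill character for a slot with nothing to send


def multiplex(streams: Dict[int, str]) -> str:
    """Interleave terminal streams (keyed 0..n-1) into consecutive TDM frames.

    Frame k carries character k of terminal 0, then of terminal 1, and so on,
    so each terminal gets exactly 1/n of the line regardless of its load.
    """
    n = len(streams)
    frames = max((len(s) for s in streams.values()), default=0)
    line: List[str] = []
    for k in range(frames):
        for t in range(n):
            s = streams[t]
            line.append(s[k] if k < len(s) else IDLE)
    return "".join(line)


def demultiplex(line: str, n_terminals: int, slip: int = 0) -> Dict[int, str]:
    """Split the line back into per-terminal streams at the receiving end.

    `slip` models a loss of synchronisation between the two multiplexors:
    the receiver believes the frame boundary lies `slip` characters later
    than it really does. With slip 0 (synchronised, the normal case) every
    terminal gets its own data back; any other value delivers each
    terminal's data to the wrong terminal.
    """
    out: Dict[int, List[str]] = {t: [] for t in range(n_terminals)}
    for i, ch in enumerate(line):
        slot = (i - slip) % n_terminals
        if ch != IDLE:
            out[slot].append(ch)
    return {t: "".join(chars) for t, chars in out.items()}


def share_of_timeslot(n_terminals: int, slot_seconds: float = 1.0) -> float:
    """Time each terminal receives out of one time slot: 0.5 s for two
    terminals, 0.125 s for the eight that were typically linked."""
    return slot_seconds / n_terminals


def round_trip(streams: Dict[int, str], slip: int = 0) -> Dict[int, str]:
    """Send the streams through mux, line and demux; the line itself is just
    the interleaved character sequence."""
    return demultiplex(multiplex(streams), len(streams), slip)


if __name__ == "__main__":
    terminals = {0: "HELLO", 1: "WORLD"}
    print("on the line:", repr(multiplex(terminals)))            # 'HWEOLRLLOD'
    print("synchronised:", round_trip(terminals))                # each terminal gets its own data
    print("one slot out of sync:", round_trip(terminals, slip=1))  # the two terminals are swapped
```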



Figure 1.4: Leased line networks 
(diagram courtesy of Prof. J. Tait, University of Sunderland) 

Leased lines continued to extend the benefits networks were offering organisations.
Heralding the first, real, Wide Area Network (WAN), they allowed more access from
remote locations (such as local offices) through the sharing of a private line. Utility 
companies and local authorities deployed such systems to give local offices access to 
the centrally held information. It is important to note, however, that such access cannot 
be considered client/server (see Section 2) as the users are using dumb terminals 
(terminals with no computing power) - simply a monitor and a keyboard. 
Figure 1.5: Leased line arrangement using multiplexors

Leased lines provided remote users with high-security, high-speed dedicated links,
which increased the opportunities for remote access to the computer system.
Local area networks

By the late 1970s many organisations (large and small) had more than one computer. 
This trend accelerated rapidly in the early 1980s with the availability of powerful (for that 
time) stand-alone personal computers (PCs) - a trend that continues to the present day. 
The method of access at this time meant that users needed one terminal per system, 
but demand grew for PCs to be able to access many systems (including other PCs) and 
to transfer files. This led to the need for a system that was capable of transferring data at 
high speed between different sorts of computers typically located close together at the 
same site or in the same building. 

This need was answered by the development of modern high-speed Local Area Networks 
(LANs), such as Ethernet and Token Ring. The mid-1980s saw the introduction of these in 
many organisations, but they came into even more widespread use in the 1990s. These 
technologies bridge the gap between high-speed computer-room networks (parallel 
interfaces, etc.) and low-speed serial interfaces (e.g. RS-232) (see the earlier section
'Local interactive terminals'). They allowed multiple devices to be connected via a shared
transmission medium (Figure 1.6). Since their inception, a number of LAN technologies 
have been developed and, in the early days, there were a number of standards for LANs, 
including Arcnet (for the BBC micros) and the Cambridge ring. As often happens, the 
market has largely settled on a few technologies, primarily Ethernet but also Token 
Ring (these will be discussed in detail in Chapters 3 and 5). LANs further extended the 
benefits networks offer by allowing the interconnection of multiple computing facilities 
(such as PCs, mainframes and mini-computers) through a high-speed link. 



Figure 1.6: Local area networks 
(diagram courtesy of Prof. J. Tait, University of Sunderland) 



LANs provided easy-to-establish, high-speed connectivity between any connected 
devices, but with limited distances. 


Quick test 

Briefly outline the major stages in the evolution of networks. 

Section 2: Types of networked computing 

The main purpose of computer networking is to provide an organisation with services. 
Initially, this was for interactive computing but, with the introduction of PCs, the network 
has evolved to allow communication between PCs and also to provide services such as 
shared printing, shared disk access, etc. Networks typically provide these services to a 
client from either a dedicated server (known as client/server computing or networking) 
or from a peer computer (known as peer-to-peer networking). Networks constructed 
with a server are often said to have a client/server architecture, and those with a 
community of equals are often said to have a peer-to-peer architecture. Understanding
these architectures is fundamental to the study of networking. 

Introduction 

All networked computing facilities can be grouped into two architectures. 

• peer-to-peer networking; 

• client/server networking. 


Both architectures are intended for different uses and require networked operating 
systems (NOS) support (now built into Microsoft Windows). 



The fundamental difference between the two architectures is that client/server 
architectures require a dedicated server whereas, with peer-to-peer networks, there 
is no separate server and the work of the server is shared between the connected 
computers. Comparing Figures 1.7 and 1.8 (see below ) you will notice that Figure 
1.8 does not have a server. However, the physical connections to the media are still 

the same. ._. 


Client/server computing 

This is the traditional model of networked computing (Figure 1.7). Here clients make
requests of a server (the diagram shows a single-server system) and the server then
carries out the request and provides a response to the client. This model has been in
operation for many years and we have all probably encountered it at some point. It is
a 'full blown' networking architecture and is supported by all network operating system
vendors, such as Novell and even Microsoft in Windows NT and 2000. It is also supported
by all versions of UNIX.



Figure 1.7: Typical client/server architecture


Key to this architecture is that there is (at least) one serving computer (the server) which 
provides all the client machines with the facilities they need - usually file and printer 
sharing. Although these services might seem trivial, they revolutionised computing. 
Without a network, sharing files was a real problem requiring users to share a floppy 
disk. As can be imagined, many problems arise from sharing a floppy disk, the most 
obvious being, of course, the inconvenience of having physically to take the disk to
the other user. Others include the compatibility and reliability of floppy disks and their
limited capacity. In some cases, sharing a floppy disk is impossible - consider a gig or
cinema booking system with multiple users trying to access the same file: could they
really operate by sharing a floppy disk?

Specialist printers (such as colour laser printers) can be expensive and might not be 
used very often. By attaching such devices to a server, their facilities are made available 
to all network users, giving everyone access with minimal inconvenience. 

As the client/server architecture and its supporting Network Operating Systems 
(commonly called a NOS) have developed, other facilities have been added. For 
example, users can now be allocated to groups and security can be increased through 
the allocation of rights to those groups, granting access to specific files or devices. Files 
can also be accessed simultaneously by many users (although locking controls need 
to be in place to stop two users updating the same record at the same time). Printers 
have queues, which allow a client machine to send its entire print job to the server for 
processing - thus freeing up the client machine's own processing capacity. Some NOSs 
work on different types of computers allowing the machines to 'talk' to each other. An 
example of this is Novell Netware, which is available for Mac and PC platforms. Email
facilities also require a central server.

Client/server computing has undoubtedly revolutionised computing and provides 
benefits almost all organisations desire. The advantages far outweigh the disadvantages.
The principal disadvantage, however, is cost - with client/server computing, there is a 
need to purchase a central serving machine that should be fast and have huge storage 
capacity. Such machines are not cheap and this sometimes puts them out of the reach 
of smaller businesses - enter the alternative approach of peer-to-peer networking. 

One other disadvantage to client/server computing is the reliance upon one central 
system for the provision of services. If something happens to that machine, access to 
all the information and to the services of that machine is lost. Therefore, competent 
personnel are required to manage client/server architectures. 




With client/server network architectures, there is (at least) one server that is a
dedicated machine providing services to the client. This machine may be unusable
other than through one of its client computers.


Peer-to-peer networking

Peer-to-peer networking is a low-cost way of providing some of the more popular
benefits of networks at a fraction of the cost of a full-blown NOS. Its major benefit is, again,
the sharing of resources: printers, files, faxes, etc. The fundamental difference between
client/server and peer-to-peer computing, however, is that with peer-to-peer networks,
there is no central server (Figure 1.8). The tasks a server would normally perform are
shared between the client machines themselves. For example, a shared printer would
be connected to a client machine rather than being connected to the server. Similarly,
data to be shared would reside on a client machine rather than on the server. Often all
that is needed to establish a peer-to-peer network is the network cabling itself and a
version of an operating system that supports peer-to-peer networking (e.g. Windows
3.11, 95, 98, 2000, XP, etc.).
Peer-to-peer networks obtain their name from the fact that, while each machine is
being used by a user (a client), it may also be serving another computer (therefore 
acting as a server). Thus the conventional terms 'client' or 'server' are not applicable 
as, in this network, the machines are a community of 'equals' (peers). As there is no 
requirement for an expensive server and the machines usually have the appropriate 
software installed, peer-to-peer networking is a low-cost solution for smaller businesses 
or isolated pockets in large organisations. Because this type of networking is often found 
in small offices, it is sometimes referred to as 'small office computing'. 

Whilst it is possible to have a peer-to-peer network of large servers (e.g. UNIX servers), 
this is not generally what is meant by the definition of peer-to-peer networking and 
certainly not what is meant here. Peer-to-peer networking is really only suitable for small 
installations. Microsoft recommends a maximum of ten computers. After this, not only
will throughput deteriorate, but also the general performance of the machines. It is not 
possible to give an exact figure because it depends upon how the computers are being 
used - if lots of disk and file sharing is going on, performance issues may arise with only 
four computers. Conversely, if there is little sharing of devices, both the network and the 
computers might operate satisfactorily with up to ten or more machines. 



Microsoft recommends a maximum of ten machines in a peer-to-peer network.


The vendors of peer-to-peer network operating systems have made their set-up very 
simple, thus avoiding the need for specialist network management skills. Overall, peer- 
to-peer networks are most useful to smaller organisations that wish to try out networking 
in a small way or to larger organisations wishing to solve small problems. Usually there is 
little or no planning; such environments are usually fairly stable in terms of the user base; 
and peer-to-peer networks are only used for sharing a few resources. Examples would
be a Managing Director and a Personal Assistant (PA) in a large organisation who link 
their machines to transfer data (files, letters, reports, etc.) and small office computing 
(e.g. a small law firm or a small estate agent who require file and printer sharing). Whilst 
isolated pockets in large organisations are not recommended, peer-to-peer networking 
can sometimes help provide limited connectivity as a stop-gap measure until the IT 
department is able to connect all the users. Small businesses, on the other hand, can use 
peer-to-peer networking whilst they expand and grow. The relatively low start-up costs, 
however, must be weighed against the possibilities for limited expansion, although 
investment in a company's peer-to-peer technology would not necessarily be lost when 
it was big enough to expand into a full client/server situation. 
Both client/server and peer-to-peer architectures need a network technology (cables,
cards, etc.) to operate on, and consideration should be given to these when choosing
the architecture (technologies are covered in Chapter 3).

Quick test

Briefly list the differences between client/server and peer-to-peer network architectures.

Section 3: Network categories

The boundaries between these types are somewhat blurred. This section reviews the
different categories of network and identifies the key differences between them.

Networks can be classified into categories according to the geographical area they
cover and according to other distinguishing features (such as performance, geographic
coverage, connection speed and degree of choice in the service provided, etc.). The
four common categories are:

• Local Area Networks (LANs);

• Metropolitan Area Networks (MANs);

• Wide Area Networks (WANs);

• Personal Area Networks (PANs)

- although a new category is emerging - Vehicular Area Networks (VANs). There are also
other terms - Virtual Local Area Networks (VLANs) and Virtual Private Networks (VPNs).

Local area network (LAN) 


Local area networks (or LANs, as they are called) cover, with the exception of PANs, 
the smallest geographical area for networks. Despite this, they are the most popular 
category, and LANs often have hundreds if not thousands of connections. LANs, as their 
name suggests, are intended to be local and small, although now this is not necessarily 
the case. When this type of network was first devised, a typical LAN would have been 
a classroom, an office or, at most, a few offices. Now LANs cover entire floors or even 
entire buildings and with buildings such as universities, colleges and call centres that is 
a lot of connections! 

LANs usually offer the highest speed of all network types as the media used in such 
networks are controlled by the organisations themselves and so, any constraints on 
the implementation of the technology are the responsibility of the organisations. For 
example, an organisation in the middle of the countryside is free to implement whatever 
media it desires for its LAN: it simply needs to buy the necessary equipment and install 
it. It could also have whatever speed LAN current technology supports. Should it wish 
to connect to a telecommunications provider (e.g. BT), the speed of connection would 

then be limited to what the provider can offer, which, in some parts of the countryside, 
is likely to be limited. 
The characteristics of a LAN are as follows:

• It is usually based in one building.

• The speed of the technology is at the organisation's discretion.

• The management and maintenance of the network are the organisation's
responsibility.

• There is a choice of technology.

• There is no outside involvement from telecommunications providers.
Metropolitan area networks (MANs)


MANs are larger than LANs, yet they are contained within a defined geographical area. 
A good example of a MAN is a university campus where several buildings are connected 
together across a city or town or several universities or colleges are connected across 
a region. The media used in a MAN may be the jurisdiction of the organisation itself 
or may belong to one or more telecomms providers (in which case the speed may be 
restricted). The real determining factor in who provides the media, however, is cost.
Although UK law currently allows for any organisation to lay its own cables, the cost
of doing so safely and without risk to the public is high. The longer the cable run, the 
more expensive this becomes, and so it is often cheaper to contract with a telecomms 
provider who can provide the link at a lower cost. 

MANs frequently don't belong to a single organisation but are a city or regional 
resource. An example of this is the NORthern Metropolitan Area Network (NORman), 
which is a network in the North East of England linking together the universities in the 
area and providing them with a very high-speed Internet connection. Because they 
use the services of a telecomms provider, MANs usually run at a slower speed than a 
LAN. However, they span a larger geographic area than a LAN and are either managed/ 
maintained by both the organisation and the telecomms provider or are the sole 
responsibility of the organisation. 
MANs cover the ground somewhere between LANs and WANs (see the next section).
They can be contained within an organisation's site or they may be a regional
resource. They generally operate on lines leased from a communications provider
and, hence, operate at a lower speed than a LAN.


Wide area networks (WANs) 

WANs cover a geographical area beyond that of a MAN - perhaps all an organisation's 
offices in a country or even beyond national boundaries (a good example would be a 
multinational organisation with offices in different countries). WANs are almost always 
dependent upon telecomms providers, as the length of the media runs are huge and 
prohibitively expensive. 

As WANs are dependent upon telecomms providers, the speed of the link is likely to be 
limited compared with a MAN or a LAN. For example, the fastest commonly available 
link (in 2005) on a LAN is 1 Gbps or 1000 Mbps, and the cost of the equipment to set 
up a two-station network would be around £70 (at 2005 prices). In contrast, the current 
fastest link on a WAN is also 1 Gbps, but costs about £42,000 per annum to lease (at 2005 
prices) for the first 10 km, then £2000/km. For connection, the costs are £52,500 for the 
first 10 km and then £1000/km. 

Until 1998 the fastest link available externally was only about 2 Mbps, and this speed 
(or slower) can still be encountered in many parts of the world where a WAN may 
have to make a link. Maintenance of the WAN is shared between the organisation and 
the telecomms provider. When selecting a WAN link it is important to ensure that the 
provider will correct any faults in a timely manner - especially if the organisation is 
critically dependent upon the link. 
Just as a chain is only as strong as its weakest link, so the speed of a network is
usually only as fast as its slowest link - thoroughly research the areas where you …


WANS are differentiated in the following ways: 

• By the large geographic area they cover.

• They almost always use a telecomms provider. 

• They are slower than a MAN or LAN link. 

• They possibly depend upon a number of telecomms providers (if they are 
international networks). 

• Maintenance is shared between the telecomms provider and the organisation. 


Personal area networks (PANs) 

The PAN definition started around the year 2000. PANs are intended to link personal 
computing devices such as Personal Digital Assistants (PDAs), mobile phones and 
laptops within a personal area - absolute maximum of 10 metres. PANs are intended 
to do away with the wires we all carry to link devices via a wireless network. Each of the 
devices is fitted with a radio communications card (working in GHz), which allows it to
communicate with several other devices simultaneously. One of the better known PAN 
technologies is Bluetooth. Bluetooth is a consortium of manufacturers that developed 
a standard that allows connection worldwide. More information can be found at 
www.bluetooth.com. 
Bluetooth has enjoyed a rapid take-up and is used in a wide range of devices including
mobile phones (handsets and headsets), digital video cameras and digital cameras
as well as PDAs and laptops. Indeed, some car manufacturers have built in Bluetooth
mobile phone connections. One of the likely limiting factors to Bluetooth is its speed. In
2005, Bluetooth operated at a maximum 1 Mbps.

In 2005, the USB alliance (www.usb.org) launched a wireless USB standard 'for next
generation consumer electronic devices'. Speeds quoted are 480 Mbps at 3 m and 110
Mbps at 10 metres. Given the vastly superior speeds offered, wireless USB is likely to
become the future PAN technology.



One of the most common mistakes made by students is to forget that networks are
measured in megabits per second (Mbps) and that data is measured in megabytes
(MB). There are 8 bits in a byte and failure to work in bits rather than bytes puts you
out by a factor of 8. Thus 1 MB of data to be transferred is 8 Mb.

Vehicular area networks (VANs) 

The VAN definition started around the year 2004. VANs are usually wireless networks 
whose reach is bounded by the vehicle in which they are deployed. For example, in 
the UK, Virgin and GNER trains have wireless LANs that are available to train passengers 

throughout their journey. 

As the travelling public demand Internet access, VANs are sure to become commonplace 
on aircraft as well as buses and other forms of public transport. 

Technically, VANs are just wireless networks (see Chapter 5) that are available within 
a vehicle. The access point is located somewhere within the vehicle maintaining the 
connection for those travelling inside the vehicle. The actual connection to the Internet 
is made separately from the vehicle using a variety of technologies. 


Virtual local area networks (VLANs) 

Often, an organisation wishes to subdivide its LAN - for example, the accounts or 
personnel department may wish to keep its network secure whilst still being connected 
to the organisational LAN. This can be achieved using VLANs. VLAN technology is a
by-product of switching technology (see Chapter 6), allowing a LAN to be subdivided into
several virtual LANs. There is no difference in the physical structure of the LAN, but the 
switches deployed are configured to segregate traffic. Figure 1.9 shows a typical VLAN 
configuration. Here the network is divided into three separate VLANs. As with a normal 
LAN, the data passes through the organisation's backbone but, this time, it is tagged, 
identifying the VLAN to which it belongs. Data is only distributed within the VLAN, 
which provides greater security. 

VLANs can be configured in one of two ways: 

• Making the switch port a member of the VLAN. Thus any computer plugged into
the port will become a member of that VLAN. This is known as port-centric.

• Via the MAC address (see Chapter 3). Each machine has a unique address (called 
the MAC address). This can be used to determine VLAN membership. Thus VLAN 
membership is determined by the computer's MAC address, irrespective of the port 
to which it is connected. This is more secure than port centric as a potential hacker 
would need to gain access to a computer that is a member of the VLAN. This type 
of configuration is known as dynamic. 
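The two membership methods and the backbone tagging described above, as an added Python example (not from the book): a model switch assigns each frame to a VLAN either by its ingress port (port-centric) or by its source MAC address (dynamic), floods it only to ports in that VLAN, and inserts an 802.1Q tag before the frame crosses the backbone. The 802.1Q tag layout is the standard VLAN tag format and is assumed here, since the text only says the data is 'tagged'; the switch, its ports, the MAC addresses and the frames are constructed for this example.

```python
"""VLAN membership on a switched LAN: port-centric versus dynamic (MAC-based).

Added illustration, not the book's own code. Constructed assumptions: a single
switch, frames represented as raw bytes (destination MAC, source MAC, then the
rest), and 802.1Q tagging on the backbone (TPID 0x8100 followed by a 16-bit
TCI whose low 12 bits are the VLAN ID). Frames are flooded, but only to ports
that belong to the frame's own VLAN, which is the segregation the text relies
on for security.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

TPID_8021Q = 0x8100


def mac(text: str) -> bytes:
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def untagged_frame(dst: bytes, src: bytes, payload: bytes) -> bytes:
    """An ordinary Ethernet frame carrying IPv4 (EtherType 0x0800)."""
    return dst + src + (0x0800).to_bytes(2, "big") + payload


def vlan_of(frame: bytes) -> Optional[int]:
    """VLAN ID from the 802.1Q tag, or None if the frame is untagged."""
    if len(frame) >= 16 and int.from_bytes(frame[12:14], "big") == TPID_8021Q:
        return int.from_bytes(frame[14:16], "big") & 0x0FFF
    return None


def insert_tag(frame: bytes, vlan_id: int) -> bytes:
    """Insert an 802.1Q tag after the source address for the backbone."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if vlan_of(frame) is not None:
        raise ValueError("frame is already tagged")
    tag = TPID_8021Q.to_bytes(2, "big") + vlan_id.to_bytes(2, "big")
    return frame[:12] + tag + frame[12:]


@dataclass
class Switch:
    """Switch that assigns each ingress frame to a VLAN and floods within it.

    port_vlan: port-centric membership, port number -> VLAN ID; whatever is
               plugged into the port joins that VLAN.
    mac_vlan:  dynamic membership, source MAC -> VLAN ID; takes precedence,
               so the computer keeps its VLAN whichever port it uses.
    learned:   where each MAC was last seen, filled in as frames arrive, so
               that dynamically assigned members are reachable on their port.
    """
    port_vlan: Dict[int, int] = field(default_factory=dict)
    mac_vlan: Dict[bytes, int] = field(default_factory=dict)
    learned: Dict[bytes, int] = field(default_factory=dict)

    def classify(self, ingress_port: int, src: bytes) -> Optional[int]:
        if src in self.mac_vlan:
            return self.mac_vlan[src]
        return self.port_vlan.get(ingress_port)

    def forward(self, ingress_port: int, frame: bytes) -> Set[int]:
        """Egress ports for a frame: every other port in the same VLAN, and
        nothing at all when the frame belongs to no configured VLAN."""
        src = frame[6:12]
        vid = self.classify(ingress_port, src)
        if vid is None:
            return set()
        self.learned[src] = ingress_port
        egress = {p for p, v in self.port_vlan.items() if v == vid}
        egress |= {self.learned[m] for m, v in self.mac_vlan.items()
                   if v == vid and m in self.learned}
        egress.discard(ingress_port)
        return egress

    def tag_for_backbone(self, ingress_port: int, frame: bytes) -> bytes:
        """Tag a frame with its VLAN before it crosses the organisation's
        backbone, so the next switch can keep it inside the same VLAN."""
        vid = self.classify(ingress_port, frame[6:12])
        if vid is None:
            raise ValueError("frame belongs to no configured VLAN")
        return insert_tag(frame, vid)


if __name__ == "__main__":
    sw = Switch(port_vlan={1: 10, 2: 10, 3: 20, 4: 20},
                mac_vlan={mac("00:11:22:33:44:55"): 10})
    bcast = b"\xff" * 6
    pc = untagged_frame(bcast, mac("aa:aa:aa:aa:aa:01"), b"accounts data")
    print(sw.forward(1, pc))                         # {2}: stays in VLAN 10
    laptop = untagged_frame(bcast, mac("00:11:22:33:44:55"), b"hello")
    print(sw.forward(3, laptop))                     # {1, 2}: MAC rule wins over port 3's VLAN
    print(vlan_of(sw.tag_for_backbone(1, pc)))       # 10
```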
Figure 1.9: Network divided into VLANs

Internet

The word 'Internet' is an abbreviation of internetwork - literally meaning a 'network 
of interconnected networks' - a definition that can be applied to many networks that 
could be part of the Internet or independent of it. Thus the Internet we all know (i.e. 
carrying web traffic) is effectively a worldwide internetwork of networks. 

An example of an internetwork is a college or university that has a large number of 
network connections. Just as with a road, the more users who use it, the more congested 
it becomes and the slower everything runs. To ease such problems, the number of 
machines connected to a network is restricted and divided up into several, smaller 
networks. To provide the same functionality, the networks have to be internetworked 
together, thus forming an internet. In a large college or university, this internetwork is 
likely to comprise many smaller networks and can itself be connected to the Internet. 

The Internet itself, when conceived, was a network of networks. Designed by the 
Advanced Research Projects Agency (ARPA) of the US Department of Defense (DoD) in 
the 1960s, the Internet was developed to span military bases across the world and to 
connect their networks. It needed to be robust and to be able to operate in the event 
of a nuclear strike. It was later extended to those organisations that worked with the 
DoD - e.g. universities and suppliers. As the Internet became more widely known, more 
and more institutions wanted to be connected (especially academic institutions), and the 
number of connections on the Internet rose. 

Until the early to mid-1990s, the Internet mainly carried text-based traffic (such as 
emails and files), although the standards for file transfer and remote login, etc. already 
existed. Any search was performed by a text-based utility called gopher. In the early 
1990s CERN introduced a hypertext system allowing text to be linked over the Internet 
(just as Microsoft Help files are linked). By 1994, the National Center for Supercomputer 
Applications (NCSA) enhanced this with its Mosaic browser, providing a graphical user 
interface (GUI) hypertext-based system. As anyone who has created a web page will 
know, the majority of a basic web page is text. Some elements are enclosed in tags 
(e.g. <p>), which are recognised by the browser and displayed in a particular way. This 
revolutionised the Internet and created the World Wide Web (www) that everyone 
wants to be a part of. However, the Internet is still the carrier of the web! 

Extranets 

Extranets are a popular discussion topic at the moment. An extranet essentially means 
extending access to an institution's network to its suppliers. Extranets are very popular 
because they can bring huge benefits. For example, a car manufacturer could extend 
access to its production network to its synchronous suppliers. By using this access, the 
suppliers could determine what cars were to be made that week and could ensure that 
they manufactured the correct components (e.g. seats) to go into the cars. Obviously, 
the seats would need to be the correct model and colour. In turn, by making their 
production schedule available to their own suppliers, the suppliers can ensure that the 
correct fabric is produced. In this example, none of the companies would need to hold 
much stock of finished goods but they can still fulfil the orders. By not holding stock 
they reduce storage and overall operating costs - hence the popularity of extranets. 
The Internet is a network of networks and is a publicly accessible information 
resource. An intranet is essentially an internet for use only within an organisation. 
An extranet is effectively an intranet that is typically shared among an organisation's 
suppliers. 

Section 4: Voice over IP 

Organisations for a long time have had two distinct networks connecting up their offices 
- one for data and one for voice. 

Obviously the cost of maintaining these two links is expensive and, with the merging 
of telephone and data standards, it has only been a matter of time before a solution 
became available. 

Introduction 

Voice over IP (VoIP) is a technology by which an organisation's data network can be used 
to carry voice traffic as well as data. There are numerous pieces of software available, 
such as Microsoft's Netmeeting, which allow you to chat over the Internet. One of the 
key differences between these types of software and VoIP is quality. 

VoIP is intended to replace the telephone service and as such must be of at least as high a 
quality, with key functions such as: reliability, ability to operate in the event of a power 
cut, switchboard functions, etc. 


VoIP 

VoIP requires special phones (Figure 1.11), which are essentially computers with a 
built-in Ethernet switch. When the receiver is lifted or a button is pressed, the phone 
communicates over the network with a server such as Cisco's CallManager. When a 
number is dialled, CallManager looks up the telephone number and finds the IP address 
of the dialled phone (see Chapter 3). It then passes this back to the dialling phone, which 
can then communicate directly over the network. VoIP is extremely sensitive to delays 
and the organisational network must be configured to prioritise VoIP traffic. 

The data packets required to send VoIP are small, and can usually be easily accommodated 
by the existing network. VoIP allows organisations to make significant savings by only 
having a data link between buildings and as such is likely to pay for itself within less than 
three years. VoIP also has many other features: 

• Extension mobility - you can 'login' to your phone. Using this method, no matter 
where you login, that phone will have your extension number. 

• Features - IP phones are actually PCs and can be programmed using Java. 
Applications can be written for IP phones, such as a register system in a school, 
further increasing the usefulness of the phone. 

• Wireless IP phones can move around access points, providing coverage right across 
an organisation rather than within reach of a traditional cordless phone's base 
station. 

• Relatively easy to relocate a phone. 

The major disadvantage is the initial cost - the phones themselves are many times more 
expensive than a conventional phone, and they require specialist Ethernet switches (see 
Chapter 6) that can provide power over Ethernet cable. 



Figure 1.11: A Cisco 7970G VoIP phone 

Briefly discuss what is meant by the term VoIP. 

Section 5: End of chapter assessment 

1. Outline the major developments that led to today's networks. 

2. Explain the differences and similarities between peer-to-peer an 

3 . Explain what is meant by the terms LAN, MAN, WAN, PAN and VAN. 

4. Explain what is meant by the term VoIP. 
the implementation of the subject and gain extra marks. 

3. Again, an explanation and, again, diagrams can help with the explanation. The 
assessor wants you to demonstrate that you know of and understand the four 
major categories of networking: 


• LANs; 

• MANs; 

• WANs; 

• PANs. 

This is your chance to impress with the currency of your knowledge by illustrating 
that you also know of an emerging category called VANs. Don't spend too much 
time on VANs as the assessor may have a marking scheme based only on the 
four, but quote a website or an example (e.g. a train) that illustrates your point. A 
successful answer would list the four categories and then discuss the properties 
of each of the categories - the geographic area they cover, speed, costs, who 
administers, any involvement from telecomms providers, etc. Typical applications 
and uses of the category will help demonstrate you have the ability to apply the 
knowledge. Don't be afraid to quote a university or college campus, classroom or 
national/multinational company in the categories, as these are perfect textbook 
examples. 

4. To answer this question you need to give a basic discussion of VoIP detailing what 
it is, what equipment is needed and what the advantages/disadvantages of this 
technology are. VoIP is a benefit or a use of networking so you shouldn't be asked 
too technical a question on it - unless you are studying a VoIP course! 

Section 6: Further reading and research 

Cisco Networking Academy Program (2004) CCNA 1 and 2 Companion Guide (3rd edn). 
Cisco Press. ISBN: 1 58713 50 1. Chapters 1 and 2. 

www.bluetooth.com 

www.usb.org 
Chapter 2 


The networked system 


Chapter summary 

Networks give organisations unparalleled access to their information irrespective of 
geographic location, make communication between different machine types possible 
and, when coupled with the Internet, make e-commerce possible. 

Organisations are constantly looking for ways in which they can save money or gam 
a competitive advantage - networks offer the promise of both. 

Learning outcomes 

After studying this chapter you should aim to test your achievement of the following 
outcomes. You should be able to: 

Outcome 1: Networked resources 

Question 1 at the end of this chapter will test your ability to do this. 

Outcome 2: Facilities of a networked operating system 

Question 2 at the end of this chapter will test your ability to do this. 

Outcome 3: Capacity and performance issues 

Understand that a network has limited bandwidth (capacity) and that applications 
that run on the network need to be both suitable and within the capacity of the 
network. Question 3 at the end of this chapter will test your ability to do this. 

Outcome 4: Security implications 

Understand that networks present security risks and be aware of such risks. 
Question 4 at the end of this chapter will test your ability to do this. 

Outcome 5: Licensing issues 

Understand the licensing issues associated with networked software and be able 
to provide advice. Question 5 at the end of this chapter will test your ability to do 

this. 

How will you be assessed on this? 

This chapter is very much introductory - setting out the major ... The 
ideal assessment in this case would be a case study of an organisation that wished 
to install a network. A case study would allow you to apply what you have learned 
from this chapter in a manner relevant to the organisation. It is therefore likely that 
such an assessment will be an assignment. The questions at the end of this chapter 
form such a case study. 






Section 1: Networked resources 

Computer networks are essential to most organisations and critical to a high number 
- that is to say, if the organisation was deprived of its network, it would no longer be 
able to carry out its mission. Such networks are considered 'mission critical'. 

It might be thought that such mission critical networks would be restricted to large 
organisations, but this is not the case. A reasonably large taxi company whose bookings 
are stored on a computer system and dispatched by that system would consider its 
network as mission critical. If it was unable to access the server, it would be unable to 
dispatch the taxis; if it couldn't do that, it couldn't carry out its mission. 

There are essential components to any networked system and this section explores 
these critical components. 

Overview of network resources 

From Chapter 1 we know that a network provides a means by which two or more 
computers can communicate. It is desirable to have such communications as they allow 
the efficient sharing of files and printers and make possible such communications as 
the web and email. In short, they tie together data, communications, computing and 
file servers. They also provide a mechanism by which data can be transferred between 
differing machine types - for example, Apple MACs and PCs. 

When considering resources, the best starting point is the computer itself: somehow the 
computer needs to be enabled to use the network. This is achieved by the installation 
of a Network Interface Card (or NIC). An NIC interfaces the computer's architecture with 
that of the network and facilitates connection between the two. Because of this, the NIC 
is said to be both network media dependent and computer hardware dependent. In 
short, the NIC you select needs to match both the internal architecture of the computer 
(e.g. PCI, EISA, ISA) and the technology/media of the LAN (e.g. 100BaseT Ethernet). 
Figure 2.1 shows a selection of NICs, whilst Figure 2.2 shows the installation of an NIC. 
All computers that are to communicate over the network need to have NICs installed; 
most modern PCs have Ethernet NICs on board the system board. 



Figure 2.1: A selection of network interface cards (NICs) 
The NIC must match the computer architecture, LAN technology and media. For 
example, a 100BaseT PCI Ethernet card is meant for computers with a PCI slot and 
for Ethernet technology that runs over UTP cabling (see Chapters 3 and 5). 


The computer is now electrically able to transfer data outside itself but doesn't have any 
form of connection with other computers and requires communications media. Most 
commonly, copper cables interconnect the machines. However, there is a variety of 
other media that are used in computer networking to carry the data - for example, fibre 
optic is used to carry light, and even air itself is used to carry radio waves (wireless LANs, 
Bluetooth) and light (infrared communication). To keep things simple we will look at a 
common medium - copper. Figure 2.3 shows Unshielded Twisted Pair (UTP) cabling, 
which is the most common form of connection today (terminating in an RJ-45 plug). 



Figure 2.3: The correctly made-up end of UTP cabling 


The media needs to be connected to the computers that are being networked, which 
may require the use of networking devices such as a hub or switch (Figure 2.4) (for 
further information, see Chapter 5). Our computers are then able to communicate with 
the outside world and are physically connected together. The final requirement is the 
software itself! On a Microsoft Windows platform, two pieces of software are necessary: 

• driver software for the NIC; 

• Windows itself. 
Figure 2.4: Computers networked using an Ethernet switch 


As with most accessories purchased for a PC, NICs are shipped with a driver disk. The 
driver disk simply allows the computer to use (or 'drive') the hardware and needs to 
be installed before attempting to network the computer - otherwise the operating 
system won't be able to find the NIC! Since Windows for Workgroups was launched in 
the mid-1990s the Windows operating system has had the ability to communicate over 
networks. The network settings can be found in the Control Panel (see Figure 2.5). 



Figure 2.5: Control Panel settings; note the networking icon 







Networking requires hardware, software and media. The hardware provides the 
electrical connection from the computer to the outside world, whilst the media 
connects the computers together. Networking 'kit' may be used to extend the 
media. The software uses this connection to carry bits of data. This data could be 
used to share or move anything that's digital. 


Quick test 

List the essential components of a networked operating system and briefly outline their 
purpose. 
Section 2: Facilities of a networked operating system 

Quite simply, networked operating systems (or NOSs) enable almost any make of 
computer to communicate with almost any other make of computer. Although this 
sounds relatively simple, it is not - and the power such simple communication provides 
to an organisation is tremendous. As things continue to become digital, digital 
representation can be effectively moved on a computer network. Thus, as the digital 
revolution continues, the products can be shipped by the network - making things 
possible that were never dreamt of. 

Why are computer networks so popular? 

Networking has, throughout its history, brought huge benefits to organisations. For 
example, the ability of early programmers to work online was immeasurable in terms 
of efficiency and effectiveness. Before the advent of PCs in the 1980s, computing was 
undertaken on either mini or mainframe computers. As these were hugely expensive, 
organisations with such machines needed to ensure maximum use was being made 
of them whilst the machines themselves were kept secure. The most effective way of 
achieving this was via remote access through the network. Thus, in local authorities and 
large companies throughout the world, the resources of the computer - processing 
power, disk storage, printing, etc. - were shared, providing maximum benefits for the 
cost. 

In the early 1980s, IBM introduced the first PC, which was an instant success with 
organisations the world over. Processing power was brought to the desktop, as were 
files and printing devices. Having the files and printers local to a machine was, at first, 
a novelty - users were in charge of their own data, printing and processing power. 
Organisations very quickly realised that, although there were benefits to this approach, 
there were also drawbacks. Files, which needed to be shared, had to be swapped physically 
(sometimes referred to as 'sneakernet' - a term which comes from walking around 
with a disk); expensive printing resources had to be duplicated; and the organisation's 
data was decentralised, difficult to locate, access and back-up. Take, for example, the 
booking office taking bookings for a popular gig we looked at briefly in Chapter 1. The 
seating area (file) needs to be shared amongst everyone taking the bookings, otherwise 
over- or under-booking may occur. This cannot be effectively undertaken by sharing 
a floppy disk! As this example illustrates, the sharing of information in an organisation 
is critical. To most organisations, communication and the sharing of information are 
critical. A sales department may ask: 'Can production handle this extra order if we take 
it?' If production keep their data local, this will be difficult to find out and the order 
might be lost. 

LANs were soon added to the PC platform, providing a means where the users could 
have their processing power locally, but could share information and other resources 
such as expensive printers. The first LANs introduced to the PC environment were client/ 
server LANs and, today, the majority still are. However, such are the benefits provided by 
LANs that smaller organisations have introduced peer-to-peer LANs to provide similar 
benefits. As LANs have evolved, so have the benefits they provide. Early LANs provided 
facilities for file and printer sharing. Today, LANs provide many more benefits to the 
organisation. For example: 

• distributed processing (where the server can process, for example, a database 
query before returning the results to the client); 

• email facilities and file transfer; 

• remote backup; 

• video conferencing; 

• fax; 
• applications such as accounting and payroll systems (subject to licence terms); 

• shared data; 

• telephony services. 

Using email as an example, few would argue that email has revolutionised 
communication. For example, in 2002, a fire at a chemical plant sent a toxic cloud over 
the north east. The university in which I work had one call from the police advising 
everyone to stay inside. Relaying this life-threatening information to 1500 employees 
was achieved in seconds using email. Staff could then inform students to stay inside. 

Sharing information (such as working documents) with colleagues is difficult and time- 
consuming without email (the file would have to be copied to one disk per colleague and 
put in the internal post). It is much more effective to use email and simply attach the file. 
The network, therefore, also has to provide the translation between different machine 
types. Thus a Mac computer can send and receive emails to and from a PC, which is 
easier than sharing floppy disks (due to the different formats between Macs and PCs). 
The phrase 'information is power' is certainly true - the organisation that can share and 
access the information the quickest is likely to be the one that progresses the fastest. In 
every sense networks provide an organisation with many ways of communicating more 
effectively. The fact that the cost of providing these facilities is relatively low means that 
the networks are providing low-cost/high-benefit solutions to an organisation - hence 
their popularity and continued growth. 







Networking has brought many benefits to organisations, allowing them to realise 
huge savings. Such a positive cost-benefit has fuelled the development of networks. 
Organisations can almost always benefit from enhancing their networks. 


Quick test 

Describe the benefits networks bring to an organisation and, hence, why they are so 
popular. 


Section 3: Capacity and performance issues 

Networks bring enormous benefits to an organisation and, therefore, 
organisations often become critically dependent upon their networks. Unfortunately, 
computer networks do not have unlimited capacity, and it is important to realise that 
this can often be a limiting factor. This is particularly so when connecting externally, 
either via a WAN or the Internet. (Chapter 7 covers capacity in more detail.) 

Capacity limitations 


Perhaps the single most limiting factor of a computer network is its capacity to carry data. 
Unfortunately, networks lag behind computer architectures in terms of the amount of 
information they can pass from point to point. This is due, in part, to networks providing 
serial as opposed to parallel transmission. It is also due to the fact that the network is 
shared amongst many computers, where the faster internal architecture of a computer 
is reserved for its own use. 

It is often helpful to think of a computer network in terms of plumbing. No one would 
dream of supplying the water needs to a twenty-storey hotel from a garden hose! There 
obviously isn't enough capacity in a garden hose - it isn't big enough to let the required 
amount of water through and neither is the tap. If such a water supply was used, the 
water would slow to a trickle for each user, and the problem would become more acute 
during peak times - early morning and when many people wanted a bath (high-volume 
users). In fact, if the water was fed from the bottom of the building, it is likely that, 
during peak times, only the bottom floor would have a supply. This is because there is 
not enough pressure. We can substitute the hotel for a computer LAN (say 30 stations) 
and the garden hose for the LAN technology. If we have 10Base2 (see Chapter ...), we 
have a maximum of 7 Mbps (technically 10Base2 has a theoretical maximum of 10 Mbps, 
but in practice it's nearer 7 Mbps) shared amongst every user of the LAN. Thus in every 
second we can transfer a maximum of 7 Mbits for all computers. To take an example, 
poor quality video is approximately 10 MB per minute: 10 MB x 8 = 80 Mbits. 80 Mb/60 
secs tells us that each machine requires 1.34 Mbits per second (Mbps) capacity to show 
the video over a LAN. If we have 30 machines, there is no way the LAN can cope. 


It is important to remember that data is measured in megabytes (MB) and networks 
work in megabits (Mb). To convert, you need to multiply MB by 8. 

When considering placing an application on the LAN, the effects of doing so must 
be taken into account. If the LAN in our example was mission critical, by adding the 
video we would slow the information on the LAN to a trickle - which would mean the 
organisation would be unable to carry out its mission. This could seriously damage the 
organisation. For a store like Argos at Christmas, if an employee chose to watch a video 
over the LAN, slowing it to a trickle, it might well take 30 minutes to serve each customer. 
The one thing that is certain about bandwidth is that we can never have enough. An 
organisation's requirements will constantly grow, just as LAN capacity will grow. 
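The calculation above (10 MB per minute of video on a 7 Mbps 10Base2 LAN, 30 stations) and the 1.5 GB, 15-minute video in question 3 of the end-of-chapter assessment are both instances of the same arithmetic, so here it is once as an added Python example (not the book's own code). It converts megabytes to megabits as the note above says, works out the rate one station needs, and reports both whether a given number of stations fits and the largest number that would. The usable capacities (7 Mbps for 10Base2, 100 Mbps for 100BaseT) and the reading of 1.5 GB as 1500 MB are this example's own assumptions.

```python
def mb_to_megabits(megabytes):
    """Megabytes to megabits, following the book's rule: multiply by 8."""
    return megabytes * 8


def stream_rate_mbps(size_mb, seconds):
    """Bandwidth one station needs to play `size_mb` of media over `seconds`, in Mbps."""
    return mb_to_megabits(size_mb) / seconds


def stations_supported(usable_lan_mbps, per_station_mbps):
    """How many stations can stream at once without exceeding the LAN's usable capacity."""
    return int(usable_lan_mbps // per_station_mbps)


def assess(lan_name, usable_lan_mbps, stations, size_mb, seconds):
    """Summarise whether `stations` simultaneous viewers fit on the named LAN."""
    rate = stream_rate_mbps(size_mb, seconds)
    needed = rate * stations
    return {
        "lan": lan_name,
        "per_station_mbps": round(rate, 2),
        "needed_mbps": round(needed, 1),
        "fits": needed <= usable_lan_mbps,
        "max_stations": stations_supported(usable_lan_mbps, rate),
    }


# Usable capacities are this example's assumptions (the book quotes 10Base2 at about 7 Mbps).
LANS = {"10Base2": 7, "100BaseT": 100}

if __name__ == "__main__":
    # The book's case: 30 stations, poor-quality video at 10 MB per minute.
    print(assess("10Base2", LANS["10Base2"], 30, size_mb=10, seconds=60))
    # Question 3: a 1.5 GB AVI over 15 minutes, taken as 1500 MB and 900 s (assumption).
    for name, capacity in LANS.items():
        print(assess(name, capacity, 10, size_mb=1500, seconds=900))
```

Run as shown, the book's case needs 40 Mbps for 30 stations against a 7 Mbps LAN, and the question 3 video needs about 13.3 Mbps per viewer, which not even one station can have on 10Base2; the useful figure for the charity is `max_stations`, the number a given LAN can actually serve.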














Networks don't have unlimited capacity. When introducing applications or data to 
the LAN or making changes, we must ensure that the LAN can cope with the new 
load (see Chapter 7). 


Quick test 

Describe briefly what is meant by the term 'bandwidth'. Discuss why it is important to 
assess bandwidth and its impact when considering installing a networked application. 

Section 4: Security implications 

Whilst computer networks undoubtedly provide unparalleled access to information, 
they can also provide it to prying eyes. As soon as information is networked, it is shared 
with people we want to share it with and those we don't want to share it with. Hence the 
need for security measures. (Security is given fuller treatment in Chapters 8, and 12.) 

Security implications 

Information security is often as paramount for commercial organisations as it is for 
military organisations. Companies have commercially-sensitive information as well as 
obligations under such legislation as the Data Protection Act 1984 to keep it secure. 
Before the widespread use of computers, information security was provided by rugged 
filing cabinets, perhaps a security guard and ... The 
aim was simple - to limit access to sensitive information. Unauthorised access to such 
information could be damaging to the company. Consider a car dealership: access to 
customer lists would be very helpful to other dealers. 

Before the widespread use of computers, it was relatively easy to spot someone stealing 
information - long periods spent at the photocopier and carrying large boxes of paper 
out of the building. The widespread use of computers makes it much easier to steal 
information. By using a DAT cartridge it is possible to steal 72 GB of data on a cartridge 
small enough to fit into a shirt pocket (to put 72 GB in context - the entire Encyclopaedia 
Britannica is around 1 GB!). Essentially, anyone connected to the corporate network 
has access to the information held on its computers and also travelling across the 
network. Organisations need to take steps to protect the contents of their servers and 
other computers. Access to servers should be via a password only, and users should be 
given the minimum access rights necessary for them to carry out their work. Computers 
(including PCs) that are connected to a corporate network should be reviewed to ensure 
that only the files and directories that need to be shared are shared and that all others 
are protected. Again, access to shared drives should be via a password only. 



Security should be paramount. To ignore security is to risk the organisation's 
entire existence - it cannot be treated as piecemeal. All organisations must take a 
professional approach to computer security. 


Quick test 

Briefly discuss why security is a vitally important issue with reference to information 
held on a network. 

Section 5: Licensing issues 

Breaking licence agreements is a civil offence, as is a breach of copyright or copying 
software. Software piracy is a serious issue and is reported to be costing the software 
industry billions of dollars each year. In 1984, the British Computer Society's Copyright 
Committee established the Federation Against Software Theft (or FAST). The aim of FAST 
is to safeguard software and, contrary to popular belief, the organisation represents 
both users and software producers. FAST can assist in identifying and prosecuting 
organisations or individuals who copy or use copied software or who breach licence 
agreements. Unauthorised copying of software and breaches of a software licence are 
serious crimes and there can be severe penalties for those caught. The network manager 
is often the one who is nominated to oversee an organisation's licence agreements, and 
such managers must understand licensing issues fully. 

Licensing issues 

Discussion of software licensing has necessarily been limited here. Network managers 
must ensure they understand their position fully and the wider issues involved. Before 
computer networks, licensing issues were relatively simple - a licence was bought for 
every machine the software was to be installed upon. If an organisation had 25 machines 
but only 10 were in use at any one time, it still needed 25 copies of the software or one 
per CPU. With the advent of computer networks, software could be held centrally and 
downloaded to a machine when required. Software manufacturers realised this and 
released appropriately designed networked versions of their software. Central to these 
licences is the issue of concurrency. Thus, a ten-user licence of networked software 
usually means a maximum of ten machines can be using that software at one time. 
When an eleventh user downloads and runs the software, this is a breach of the licence 
agreement. Some manufacturers include the word 'normally' in the licence agreement: 
'the number of users of the software will normally not exceed x'. The intention here is 
that, in exceptional circumstances, they would not be averse to more users than the 
licence permits, although there will be restrictions. An example of this could be the 
student records system in your institution. Normally it may only have eight users but, 
during times of enrolment, extra staff may be needed to cope. This term, however, does 
not apply to all software and its meaning should be checked with the manufacturers. 

Some argue that a user logging into a network and starting a piece of networked software 
may be unaware that the maximum number of licences have been used and that it is 
the software itself that should enforce the licence agreement. The argument about the 
user logging in is, however, valid - an organisation should know how many people are 
likely to be using a piece of software at one time. For example, if a university has three 
classes of 25 students using Microsoft Office, it should know it needs 75 licences. Some 
software does, on the other hand, enforce the licensing agreement through a licence 
meter. This works by the software either refusing to start if the maximum number 
of licences has been reached or - more cruelly - logging out the user who has been 
connected for the longest period of time. Whilst the use of a meter sounds good, in 
practice it can be problematic. If a machine crashes whilst using the software, it may not 
release the licence and, when restarted, may consume another licence. Eventually, this 
could lead to the situation where all the licences have been consumed through faults 
and so no one can use the software. This would obviously lead to frustration and to 
increased technical support costs. 
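Added example (not from the book, and not modelled on any real licence server): two toy licence meters in Python that make the failure mode above concrete. The first simply counts sessions, so a machine that crashes without releasing its licence leaves it consumed and the restarted machine takes a second one. The second issues each session a short lease that the running client must keep renewing; a crashed client stops renewing, its lease expires and the licence returns to the pool. Session names, the pool size and the lease length are constructed for the example, and the clock is injectable so expiry can be shown without waiting.

```python
import time


class NaiveMeter:
    """Licence meter that only frees a licence when the client explicitly stops."""

    def __init__(self, max_users):
        self.max_users = max_users
        self.sessions = set()

    def start(self, session_id):
        """Record the session and return True if a licence is free, else False."""
        if session_id in self.sessions:
            return True
        if len(self.sessions) >= self.max_users:
            return False
        self.sessions.add(session_id)
        return True

    def stop(self, session_id):
        self.sessions.discard(session_id)

    def in_use(self):
        return len(self.sessions)


class FakeClock:
    """Injectable clock so lease expiry can be shown without sleeping (constructed for the example)."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class LeaseMeter:
    """Licence meter whose sessions hold time-limited leases; a lease that is not renewed lapses."""

    def __init__(self, max_users, lease_seconds, clock=time.monotonic):
        self.max_users = max_users
        self.lease_seconds = lease_seconds
        self.clock = clock
        self.expiry = {}  # session_id -> time at which the lease lapses

    def _reap(self):
        """Drop every session whose lease has run out (a crashed client never renews)."""
        now = self.clock()
        for sid in [s for s, exp in self.expiry.items() if exp <= now]:
            del self.expiry[sid]

    def start(self, session_id):
        self._reap()
        if session_id not in self.expiry and len(self.expiry) >= self.max_users:
            return False
        self.expiry[session_id] = self.clock() + self.lease_seconds
        return True

    def renew(self, session_id):
        """Heartbeat from a live client; False if its lease had already lapsed."""
        self._reap()
        if session_id not in self.expiry:
            return False
        self.expiry[session_id] = self.clock() + self.lease_seconds
        return True

    def stop(self, session_id):
        self.expiry.pop(session_id, None)

    def in_use(self):
        self._reap()
        return len(self.expiry)
```

The lease length is a trade-off the meter's administrator has to make: too short and a busy client that misses one heartbeat is thrown off (the 'more cruel' behaviour the text mentions), too long and a crashed machine still holds its licence for that long.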


Quick test 

Briefly discuss the main issues concerning software licensing. 



An organisation must ensure it has sufficient software licences for the software in 
use. In the case of operating systems this will usually mean one licence per computer 
(as all computers need an operating system). Other software may be available in a 
networked version. An organisation should also ensure that the maximum number 
of concurrent users allowed under the licence agreements is never exceeded. 
Exceeding the licence agreement may result in prosecution, and the authorities take 
a serious view of such cases. 

Software licences and agreements do change over time, so remember to keep 
abreast. 


Section 6: End of chapter assessment 

Questions 

1. You have been approached by a local charity that wishes to network their office. 
It has limited funds and has asked you to identify the minimum resources it would 
need to network its office. It currently runs donated copies of Windows 98. 

2. The charity is aiming to help the unemployed over-fifties to get to grips with 
computing in the hope they can find employment. Typically, it intends to train 
ten students at a time in the use of word processors. The charity also has a small 
administration team of three. Two of the team typically use Microsoft Word and 
Access on a daily basis, handling confidential files on the charity's students and 
producing references for employment. A further administrator uses Excel. The 
functions this team provide can be considered mission critical. As the charity does 
not have sufficient printing resources, it would like the administration team to be 
connected to the network. Outline the benefits a network would offer the charity. 

3. The founder of the charity has recently acquired a high quality 1.5 GB AVI video 
which, over a period of 15 minutes, introduces the trainees to the benefits of word 
processing and many of the techniques they need. She feels that the class can 
use the video throughout the lesson rather than having formal instruction. As the 
charity will be networked, she feels that delivery of the video over the network will 

be ideal and has sought your advice. 
4. The charity has also asked your advice on the security implications of connecting 
the administrative staff to the teaching network. 

5. The charity has a ten-user licence for Microsoft Word, which is currently used by 
two administrators. It wishes to use the same licence for the classes it intends to 
teach and has asked for your advice on the licensing issues of such a move. 

Answers 

The questions above are all inter-related and are based upon a small case study. This 
is deliberate as it is likely that assessment of such topics will be in this form. Thus the 
answers below are likely to form subsections of your overall answer. In practice, the 
case study would go into far greater detail and would be tied in with capacity planning 
covered in Chapter 7. 

1. To answer this question, you need to pick up on the key facts - the organisation is a 
charity and has limited funds. It is seeking your advice on the minimum resources it 
needs to get its network operational. Obviously there are two sides to this question, 
as it is meant to test your academic knowledge - the assessor is not just looking 
for a shopping list, but for a list of items the charity requires together with an 
explanation of why it needs them and some form of explanation of what the items 
actually do/a justification of why they are needed. Don't forget: for a network to 
be successful, you need both hardware and software and the software they have 
would appear to support their requirements. 

2. This question is asking you to outline the benefits a computer network would 
bring to the charity. Although this is a case study, there is considerable scope in the 
benefits it can provide. Again, don't forget that the assessor isn't simply looking for 
a list of benefits: he or she is looking to see that you understand the benefits (shown 
through discussion) and that the benefits you propose are realistic and achievable 
within the charity's limited budget. 

3. This question is about managing the expectations of the end-user. Networks are 
useful and do provide enormous benefits, but they have limited bandwidth. In this 
example the founder of the charity has great expectations of the network, which 
it won't be able to deliver inside of her limited budget (assuming the charity will 
install a 10 or 100 Mbps Ethernet network - see Chapter 5). You need to discuss 
the fact that networks have limited bandwidth and advise her on what is and is not 
realistic. 

4. Although this question is simple enough, the answer is more complex and, as usual 
in such an assessment, some of the clues are hidden elsewhere. If you review the 
earlier questions, you will see what information is actually being held and processed 
on the computers connected to the network. You need to outline to the charity 
the security implications of what it intends to do. Again, a list isn't required - the 
assessor is after evidence of thought and wants to see discussion of the issues as 
well as guidance for the charity. 

5. The answer to this question centres on software licensing issues. To answer it you 
need to provide a general discussion of the software licensing issues and relate this 
to the case of the charity. It has a networked ten-user licence for Microsoft Word, 
but it is likely that, at peak times, it will exceed this licence. You need to inform the 
charity of the implications of this. 


Section 7: Further reading and research 

Cisco Networking Academy Program (2004) CCNA 1 and 2 Companion Guide (2nd edn). 
Cisco Press. ISBN: 1 58713 150 1. Chapters 1 and 2. 

Cisco Networking Academy Program (2003) CCNA 3 and 4 Companion Guide (2nd edn). 
Cisco Press. ISBN: 1 58713 113 7. Chapter 18. 
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Fundamentals of networks 


Chapter summary 

This chapter provides an introduction to the fundamentals of computer networks. When 
studying computer networking, it is important to understand that it has evolved, and 
will continue to evolve, as new technology becomes available, and that the uses to 
which that technology can be put will also evolve. 

Learning outcomes 

After studying this chapter you should aim to test your achievement of the following 
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How will you be assessed on this? 
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Section 1: Understanding network basics 

Computer networking is subject to the laws of physics, which also govern the speed 
and development of networking. This section therefore assumes an understanding of 
the basic physics that impact on networks, and that the data transmitted by a computer 
is digital binary - that binary is the basis of all computer data. If this is not the case, it is 
suggested that you consult a book on computer architectures to pick up these basics 
before proceeding. 
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Encoding 

Computer networking is about moving data (in the form of bits) along some sort of 
transmission media (most commonly, a piece of wire). For transmission, the data needs 
to be encoded into an electrical voltage that can then be carried by the wire. 



is likened to a pipe carrying water 


Figure 3.1 shows data encoding using +12 V to represent a 0 and -12 V to represent a 1. It 
is common usage to employ two voltages to differentiate a no-signal state from a signal 
state. Thus, if the sender is at the right and the receiver at the left, the data 0101010 is 
being transmitted. 



Figure 3.1: Data encoding 

(diagram courtesy of Professor Peter Hodson, University of Glamorgan) 

Any good computer architecture book will detail how alphanumeric characters are 
encoded using an encoding mechanism such as the American Standard Code for 
Information Interchange (ASCII). 

Circuits 

To carry data a circuit is required. In most cases a circuit comprises two wires. Consider 
Figure 3.2, which is a simple torch circuit. Here, when the switch is closed, the electrons 
move, providing electricity to the bulb, which lights up. Opening the switch stops the 
flow of electrons and the light goes out. This circuit could be used to represent basic 
binary digits (either 1 (on) or 0 (off)). 



Figure 3.2: Simple torch circuit 


Networking also needs complete circuits - we call the cables the 'signal' and the 'signal 
ground'. As can be seen from Figure 3.1, determining the height of the signal (the 
voltage) accurately is of crucial importance. The signal wire carries the signal whilst the 
signal ground completes the circuit and allows the height of the signal to be determined. 
In practice, networks often use multiple voltage levels to represent many bit patterns. 
For example, by using four voltages we can encode two bits to each voltage, which 
allows transmission of twice as much data by each voltage level: 

Voltage 1   00 
Voltage 2   01 
Voltage 3   10 
Voltage 4   11 
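The two-level encoding of Figure 3.1 and the four-level (two bits per voltage) scheme above, worked through as an added example that is not code from the book. Only the +12 V / -12 V values come from the text; the four voltages chosen for the two-bit scheme, and the attenuation factors used to test it, are assumptions made for the illustration:

```python
"""Added example (not from the book): encoding bits as voltage levels and
decoding them again at the receiver.

Two schemes are shown: the two-level scheme of Figure 3.1 (+12 V for a 0,
-12 V for a 1) and a four-level scheme in which each voltage carries two bits
(Voltage 1..4 = 00, 01, 10, 11). The four voltages used here and the
attenuation factors are constructed for the illustration.
"""
from typing import Dict, List

TWO_LEVEL: Dict[str, float] = {"0": 12.0, "1": -12.0}

# Four evenly spaced levels; which voltage stands for which bit pair is assumed.
FOUR_LEVEL: Dict[str, float] = {"00": -6.0, "01": -2.0, "10": 2.0, "11": 6.0}


def encode(table: Dict[str, float], bits: str) -> List[float]:
    """Sender: split `bits` into groups the width of the table's keys and map
    each group to one voltage (one symbol on the wire per group)."""
    if set(bits) - {"0", "1"}:
        raise ValueError("bit string may contain only 0 and 1")
    width = len(next(iter(table)))
    if len(bits) % width:
        raise ValueError(f"bit string length must be a multiple of {width}")
    return [table[bits[i:i + width]] for i in range(0, len(bits), width)]


def decode(table: Dict[str, float], samples: List[float]) -> str:
    """Receiver: for each sampled voltage pick the nearest defined level.
    This nearest-level decision is what lets a weakened signal still be read."""
    return "".join(min(table, key=lambda p: abs(table[p] - v)) for v in samples)


def attenuate(samples: List[float], factor: float) -> List[float]:
    """Model loss of strength along the wire as a uniform scaling of every sample."""
    return [v * factor for v in samples]


def survives(table: Dict[str, float], bits: str, factor: float) -> bool:
    """Does the bit string come back intact after attenuation by `factor`?"""
    return decode(table, attenuate(encode(table, bits), factor)) == bits


if __name__ == "__main__":
    print(encode(TWO_LEVEL, "0101010"))        # the pattern of Figure 3.1, 7 symbols
    print(encode(FOUR_LEVEL, "00011011"))      # 8 bits in only 4 symbols
    # More bits per level means less margin between levels: the same 40% loss
    # of strength that the two-level scheme shrugs off corrupts the four-level one.
    print(survives(TWO_LEVEL, "01010101", 0.6), survives(FOUR_LEVEL, "00011011", 0.6))
```

The last line illustrates the caveat behind the four-voltage table: packing two bits into each level doubles throughput but halves the spacing between levels, so attenuation or noise that is harmless to a two-level signal can flip symbols in a four-level one.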
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or a telephone). 




You must understand these three types of circuits, as they are often referred to in a 
range of networking situations. 
Electrical signals are susceptible to a wide range of interference. As a signal travels 
along the wire it loses strength and, if it arrives at the destination too weak, it is 
difficult to determine how it was originally transmitted. This loss of strength is known 
as attenuation. Attenuation can be addressed in analogue networks by amplifying the 
signal, or in digital networks by regenerating it - a regenerated digital signal is a perfect 
copy of the original, which is the difference between a DVD (digital) and a video (analogue). 
The following is a summary of the common sources of error: 

• Attenuation As the signal travels along the wire it loses strength until, eventually, it 
is too weak to use. To address this, it is recommended that cable lengths be kept 
within the limits laid down for the cable in use. 

• Impulse noise Sometimes signals such as those given off by fluorescent lights and 
electrical signals given off by some electrical devices (e.g. motors) interfere with the 
signal, or even destroy it. Lightning is another source of impulse noise. Care should 
be taken when routing the network cable to avoid close contact with such devices. 

• Crosstalk This is the signal in one wire inducing a signal in a neighbouring wire; it 
can be reduced by twisting the two wires in the circuit together (hence 'twisted pair', 
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below). A good example of this in the UK is Channel 5 TV, which is transmitted on a 
frequency used by most video recorders - if the video and Channel 5 are switched 
on together they often interfere with each other. This problem can be addressed by 
altering the frequencies used for transmission. 

• Radiation Just as atmospheric conditions interfere with TV signals, they can 
also interfere with computer networks and telephone networks. Thankfully, such 
interference is rare and can be addressed by using shielded cabling. 

• Radio frequency interference (RFI) RFI is interference caused by devices emitting 
radio signals in the proximity of the network cable. Again, electric motors and 
fluorescent lights can be a source of this. Other sources include mobile phones and 
other devices that transmit radio signals. Reduction of such interference is identical 
to impulse noise. 

• Signal reflection If a network cable is not terminated correctly, the transmitted 
signal is reflected back from the open end of the cable and interferes with the 
remainder of the signal and others that follow. This was a particular problem with 
10Base2 and 10Base5 networks. 


Electrostatic discharge (ESD) 

Often referred to simply as 'static' or 'static electricity', ESD is caused by the electrons 
becoming loosened and staying in one place, where they look for an opportunity to 
'jump' to a conductor. ESD is the shock we feel when we have built up a charge from, for 
example, dragging our feet on a nylon carpet and then touching something - perhaps 
a metal stair bannister. Other than a shock, it is usually harmless to human beings, but to 
sensitive electronic components, such as those found inside a computer or networking 
devices, it can be fatal. ESD can be as high as 40,000 volts, which can wreak havoc on a 
5-volt computer circuit. 

Broadband/baseband 

A TV aerial cable carries many channels (e.g. BBC1 and ITV1). Although there is only 
one piece of cable the companies are able to transmit the channels using discrete 
frequencies - a different frequency for each channel. Technically, this is known as 
broadband signalling. 

Computer networks can operate in a similar fashion - the available frequency range of 
the cable can be divided up and used to transmit different signals. Broadband services 
from telecommunications companies use this concept - one channel for Internet access 
and other, separate channels for telephones and (sometimes) fax. Thus a device needs 
to be employed at the socket to divide the signals. 

Alternatively, a signal can occupy the entire frequency range, which is known as 
baseband signalling. This allows the signal to use all the frequency range available on 
the cable and, hence, it has a higher throughput (more bandwidth). Ethernet uses this 
principle. 


Packets 

Data to be transmitted across the network is broken down into chunks known as 
packets. There are two main reasons for breaking the data down into chunks. To: 

• reduce the amount of data lost to noise; and 
• ensure fair access to the medium. 

Remember, data is measured in megabytes (MB) and data on a network is measured 
in megabits (Mb). 

Let's imagine we need to transmit 2 MB of data - 2 x 8 gives us 16 Mb. Let's assume 
an error occurs during the transmission. If the data is sent as a single unit, the whole 
16 Mb is corrupted by the error and requires retransmission. If instead we break the data 
into 0.5 Mb chunks, only the chunk in which the error occurs has to be sent again, 
requiring only 0.5 Mb to be retransmitted. Each chunk needs to contain the information 
the receiver needs to reassemble the data. Packet size is fixed by the network technology 
designers and cannot be altered by the user. 
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is over. 

Error detection/correction 

We cannot prevent errors from occurring, but we can detect them. It is essential to 
detect all errors, since data with an error in it cannot be trusted - consider a spreadsheet 
with financial information: if an error has crept in, we don't know that the amounts 
are correct. You will most likely have studied parity as a means of error detection, but 
parity is not accurate enough for today's networks, which instead use polynomials to 
detect errors. All that needs to be known is that they detect 99.997% of all errors and 
that correction requires the data to be retransmitted. 
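The two ideas of the last two subsections (packetising data so that an error costs only one packet, and detecting that error with a polynomial check rather than parity) are put together below as an added example; it is not code from the book. The message, the packet size and the position of the corrupted bit are constructed for the illustration, and the sizes are scaled down from the text's 16 Mb / 0.5 Mb figures so the demonstration runs instantly; the polynomial check used is the standard library's CRC-32.

```python
"""Added example (not from the book): breaking data into packets, detecting a
corrupted packet with a CRC and retransmitting only that packet.

All inputs (the message, packet size, corrupted position) are constructed
for this illustration. CRC-32 from the standard library stands in for the
polynomial checks the text refers to.
"""
import zlib
from typing import List, Tuple

Packet = Tuple[int, bytes, int]   # (sequence number, payload, CRC-32 of payload)


def make_packets(data: bytes, size: int) -> List[Packet]:
    """Sender: split `data` into fixed-size chunks, each carrying its own check
    value. The sequence number is the header field the receiver reassembles by."""
    if size <= 0:
        raise ValueError("packet size must be positive")
    return [(seq, data[i:i + size], zlib.crc32(data[i:i + size]))
            for seq, i in enumerate(range(0, len(data), size))]


def even_parity(payload: bytes) -> int:
    """Single parity bit over the whole payload: 1 if the count of 1 bits is odd."""
    return sum(bin(b).count("1") for b in payload) & 1


def flip_bits(payload: bytes, *positions: int) -> bytes:
    """Corrupt `payload` by inverting the bits at the given bit positions (noise model)."""
    out = bytearray(payload)
    for pos in positions:
        out[pos // 8] ^= 1 << (pos % 8)
    return bytes(out)


def bad_packets(received: List[Packet]) -> List[int]:
    """Receiver: recompute the CRC of every payload; return the sequence
    numbers whose check value no longer matches."""
    return [seq for seq, payload, crc in received if zlib.crc32(payload) != crc]


def transfer(data: bytes, size: int, corrupt_seq: int) -> Tuple[bytes, int]:
    """Simulate one transfer in which packet `corrupt_seq` is damaged on the wire.
    Returns the reassembled data and how many bytes had to be retransmitted."""
    sent = make_packets(data, size)
    wire = list(sent)
    seq, payload, crc = wire[corrupt_seq]
    wire[corrupt_seq] = (seq, flip_bits(payload, 3), crc)   # one bit damaged by noise
    retransmitted = 0
    for bad in bad_packets(wire):          # sequence numbers double as list indices here
        wire[bad] = sent[bad]              # ask for, and receive, only the failed packet
        retransmitted += len(sent[bad][1])
    assert not bad_packets(wire)           # every packet now verifies
    return b"".join(p for _, p, _ in wire), retransmitted


def parity_misses_double_error(payload: bytes) -> bool:
    """Why parity is 'not accurate enough': two flipped bits leave a single
    parity bit unchanged, while the CRC still changes."""
    damaged = flip_bits(payload, 0, 9)
    return (even_parity(damaged) == even_parity(payload)
            and zlib.crc32(damaged) != zlib.crc32(payload))


if __name__ == "__main__":
    message = bytes(range(256)) * 4                 # 1024 constructed bytes
    _, cost_single = transfer(message, len(message), 0)   # one big chunk: resend everything
    _, cost_packets = transfer(message, 64, 5)            # 64-byte packets: resend one
    print(cost_single, cost_packets)                # 1024 64
    print(parity_misses_double_error(b"totals: 100, 200"))   # True
```

Detection and correction are separate steps here, exactly as in the text: the CRC only tells the receiver which packet failed, and correction is the retransmission of that packet.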

Quick test 

1. Briefly describe how data can be sent over a computer network. Your answer should 
include encoding. 

2. Describe the differences between full duplex, half duplex and simplex circuits. 

3. Briefly describe the kinds of interference that can occur in computer networks and 
how these can be addressed. 


Section 2: Network topologies 

The words 'technology' and 'topology' are often used interchangeably, so it is 
important to clarify these terms. Technology refers to the devices and their 
operation, whereas topology is the physical shape of the network. Different technologies 
support differing topologies; the topologies available for each technology are discussed 
in Chapter 5. In addition, logical and physical topology are distinguished. 












It is a popular type of question to discuss which topologies 
support a networking technology (see Chapter 5). 
Early star networks 

forming a star pattern (the star network - see Figure 3.3). 
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Figure 3.3: An early star network 
issue. 

The advantages of this type of topology, on the other hand, are: 

• robustness - a cable break will only affect one machine; 

• performance - each terminal has a dedicated cable. 

RS232-C connectors (Figure 3.4) are the standard connectors used here (known as D.25). 
The cable used is twisted pair (see Figure 3.19). 



Figure 3.4: D.25 serial connector 

Point-to-point network 

Point-to-point networks (Figure 3.5) are commonly found in the home, where two 
computers are connected directly to each other, perhaps to share costly 
resources, such as a colour laser printer, or to facilitate file transfer. 




Figure 3.5: Point-to-point network 
The bus network (Figure 3.6) used to be very common. The cable used was co-axial 
cable (similar to that used by TV aerials 
and cable TV) (Figure 3.9). 



Figure 3.6: Bus network 

The advantages of a bus network include the following: 

• Machines could be added to the network easily (without the need for 
expensive recabling). 

• Bandwidth was higher than early star networks. 

• Facilitates communication with the interconnected device without going through 
the central computer. 

The disadvantages included the following: 

• The media was shared - therefore there was contention for access that required an 
algorithm to ensure fairness. 

• Data was sent in a broadcast fashion, meaning that all computers could 'see' the 
information - a security weakness. 

• A cable break on the main bus cable took down the entire network. 

• As more machines were added, the traffic on the shared cable increased 
dramatically and performance became an issue. 

For cabling and connectors, see tree network below. 

Tree network 

It is possible to connect bus networks together to form a tree (Figure 3.7). The 
devices that join the buses are known as hubs and are a 
specialist piece of hardware. The standard connector used in this type of network was 
the British Naval Connector (BNC) (Figure 3.8). The cable used was co-axial cable (similar 
to that used by TV aerials and cable TV) (Figure 3.9). 



Figure 3.7: Tree network 



Figure 3.8: British naval connector (BNC) 



Ring network 

In the ring topology (Figure 3.10), computers are connected to one another in a 
circular fashion and therefore form a ring. Although several companies and several 
implementations were involved, the two most notable were the Cambridge ring 
(developed in Cambridge University and used extensively by Acorn in the BBC 
microcomputer series) and the Token Ring (developed and used extensively by IBM). 
The dominant network in this topology was IBM's Token Ring network. 
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Figure 3.10: Ring network 


The advantages of the ring topology are as follows: 

• robustness - there are two links to each PC; 

• in the case of Token Ring, higher capacity than 10Base2, 10Base5 or 10BaseT Ethernet; 

• a fairer method of access than standard Ethernet (see Chapter 5). 

The major disadvantage was cost. As Token Ring was a proprietary technology (which 
had a royalty fee attached to it), it was substantially more expensive than Ethernet, 
which gained the lion's share of the market. 


Star with logical ring 

Occasionally, ring networks (especially IBM's Token Ring) appear to be a star 
(Figure 3.11), as each PC's cable runs to a central piece of hardware called a multistation 
access unit (MAU). Physically the network is a star but, logically, it operates as a ring. 


Figure 3.11: Logical ring (physical star connections to the MAU; logical ring between the PCs) 


Connectors used in the IBM Token Ring are shown in Figure 3.12. Shielded twisted pair 
(STP) cabling (Figure 3.13) is used with this technology (Figure 3.14) 
- note the metal sides to the RJ-45. 
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Figure 3.12: Typical Token Ring connectors 



Figure 3.13: STP cabling 

(diagram courtesy of Peter Hodson, University of Glamorgan) 





Figure 3.14: STP RJ-45 connector (note the metal grounding) 

Mesh network 

The final topology is the mesh network (Figure 3.15). With a mesh network a number of 
connections exist between machines and, in order to get from one machine to another, 
a route must be established. Mesh networks are complex and are designed to provide 
resilience in the event of a cable break. A mesh network can be either full or partial. In 
the case of a full mesh network, every node is directly connected to every other node 
- there is more than one route to every PC or network in the mesh. As its name suggests, 
a partial mesh network is not complete (Figure 3.15 shows a full mesh network). The 
Internet itself is a mesh network, as part of its original design specification was resilience. 

The disadvantages of a mesh network are cost and complexity. Mesh networks are almost 
always WAN links and, therefore, the cabling is provided by the service provider. A typical 
connector (V.35) is shown in Figure 3.16. 
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Figure 3.15: Full mesh network 
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Figure 3.16: Typical WAN serial connector (V.35) 

Structured cabling solutions/modern star 

Modern organisations experience a great deal of change and need flexibility, capacity 
and scalability from their networks. The original star network had the advantages of 
robustness and performance noted above. Because of these advantages, the modern star 
network (see Figure 3.17) has, at its centre, a wiring closet to which all the cabling on a 
floor runs. At the wiring closet, each outlet (computer sockets, etc.) on that floor can be 
connected to a service using a patch cable - different computer networks, telephone 
services and perhaps ISDN lines. 



Figure 3.17: Modern star network 

Known as a structured cabling solution, this is now the norm for new installations, 
with one wiring closet serving around 1000 m2 of floor space. Wiring closets are 
interconnected by cable (usually fibre). Structured cabling allows several points to be 
installed per user and provides a very flexible communications solution. The PC is 
connected via its network interface card (see Chapter 5) and a 'drop cable' to the floor 
socket. This is connected directly to the patch panel in the wiring closet by the 
'horizontal' cabling, and a patch lead then links the patch panel to the service point. 
The connections are made by RJ-45 plugs (Figure 3.20) 
and sockets. 
Figure 3.18: Typical structured cabling (floor socket; 'horizontal' cabling to patch panel; 
network interface card inside PC provides connectivity to the computer; Ethernet hub; 
wiring closet) 


Figure 3.19: UTP cabling (outer sheath; colour-coded plastic insulation; RJ-45 connector) 
(diagram courtesy of Cisco Systems Inc.) 

Figure 3.20: RJ-45 connector 


Structured cabling is now the standard in almost all new installations. 

It is important to be able to remember the various topologies and to be able to draw 
these topologies. 


Technologies 

As well as having a physical shape, networks also require a technology to make them 
work, and the topology chosen must support that technology (e.g. Ethernet 
and Token Ring). The most popular technologies are discussed in detail in Chapter 5. 
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Quick test 

1. Name the most common network topologies and discuss the differences between 
them. 

2. For each of the topologies given, list any advantages/disadvantages. 

Section 3: Network addressing and protocols 

Computer networking is a complex business and requires rules to govern the 
communication. Such rules are known as protocols and are critical to computer 
networking. Most crucial of all is the open systems interconnection (OSI) seven-layer 
model for computer communication, which defines standards and protocols that are 
used extensively in the networking industry today. 

Protocols 

Computer communications are extremely complex, and there are many parameters that 
must be agreed before communication can take place. What was needed, therefore, 
was a standard (or protocol) for communication between computers. In other areas, this 
problem has been resolved by breaking down one large, complex problem into several 
smaller ones - for instance, with personal CD players the headphones jack is a standard 
3.5 mm, therefore, any headphones can be used; it can play any audio-compatible CD; 
standard battery compartment means any make of batteries can be used; and, if the 
player has a mains adaptor, it can be plugged into any mains outlet that fits the adapter. 
This is because tight standards have been set that govern the production of all the 
pieces of equipment. 

The same is true with networking: standards for networks were established and a model 
devised. This model, known as the Open Systems Interconnection (OSI) seven-layer 
model, was devised by members of ISO (the International Standards Organisation). The 
layers of the OSI seven-layer model are shown in Figure 3.21, and the model is discussed 
in detail in Chapter 4. Prior to the model (which was devised in the early 1980s), vendors 
tended to produce proprietary network solutions, which reduced the end-user's choice 
and limited the connectivity of the machine. 


Figure 3.21: The ISO seven-layer model (Application, Presentation, Session, Transport, 
Network, Data link, Physical) 


The benefits the layered model brings are as follows: 

• It breaks network communication down into smaller simpler parts that are easier to 
develop. 

• It facilitates the standardisation of network components to allow multi-vendor 
development and support. 
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• It allows different types of hardware and software to communicate with each 
other. 

• It prevents changes in one layer from affecting the other layers so that layer 
technologies can be developed more quickly. 


• It makes networks easier to learn. 

Whilst the seven-layer model brings many benefits, it has several disadvantages: 

• Redundant functions and facilities are retained. 

• Simple communication is made over-complicated because of structure overheads. 


• The structure overheads reduce the overall performance. 



Apart from their importance in the real world of networking, the benefits and 
disadvantages of layered approaches to networking is a very common question in 
TCTs. 


Logical and physical addressing 

Devices on a network must be able to communicate directly with one another and must 
be uniquely identified. Communication can then take place in a way similar to the postal 
system: the sender addresses an envelope or package to a recipient (including a return 
address). The postal system examines the recipient's address and forwards the package 
as appropriate. This may involve the package being forwarded to another postal 
network or sorting office before being delivered to the recipient. 

Computer networks operate on an almost identical principle. Each machine on the 
network has an address to which data can be forwarded. In order to reach its recipient, 
the package may have to cross multiple networks before it is delivered. On a computer, 

there are two possible addressing mechanisms: 

• physical; and 

• logical. 

Physical addressing (also known as layer two addressing as it occurs in layer two of the 
OSI model) mechanisms are used internally within an organisation. They use an address 
that is hardcoded on to the Media Access Control unit (MAC) - usually part of the 
networking card (i.e. the NIC). With Ethernet networks, this is either a 16 or 48 bit field 
(usually 48 bit) that is unique across the world. Burnt into ROM (on the NIC) and unable 
to be changed, the first half of the address identifies the manufacturer; the second half 
is the serial number within the manufacturer's ID. Thus replacing a card will change 
the MAC address. Whilst this is acceptable for local area networks where the address is 
circulated as the machine interacts, it would clearly be impossible to know the physical 
address of every machine in the world (and to keep that list up to date!). Thus another 
mechanism for addressing machines globally is needed - logical. 

Logical addressing is used for three main reasons. To: 

1 . overcome the problem of a card change; 

2 . allow the demarcation of networks; 

3 . provide a structure to the addressing scheme. 

The best analogy that can be drawn to logical addressing is the telephone network. If 
you purchased a phone and the serial number of that phone was your phone number, 
each time you changed the phone you would need to notify all your friends of your 
new number - something that is clearly undesirable. Also, as phones could be located 
anywhere in the world, when friends call you, the telephone network would have to try 
every exchange to find you. To avoid this, the telephone network is structured. For 
example, if you were to ring the University of 
Sunderland helpline from outside the UK, you would dial the following number: 

00 44 191 515 3000 

The 00 routes the call from the local telephone exchange to an international one; the 44 
routes the call to the UK; the 191 to the north east of England; the 515 to the University of 
Sunderland; and the 3000 is the number of the student helpline. This structure allows the 
telephone network to make much better use of its resources, and it allows demarcation 
of telephone networks - once the call has left one country/service provider it is the 
responsibility of another. Also, you can change your phone at will without having to 
notify your friends because your telephone number remains the same. 

Logical addressing for networks is very similar. The most popular logical addressing 
mechanism is that used on the Internet - Internet Protocol (IP) addressing. With IP 
addressing, an organisation is issued a block of IP addresses from its Internet Service 
Provider (ISP), which is issued these by the Network Information Center in the USA or 
its agents (early in Internet development, the Network Information Center would 
issue blocks of numbers, known as licences, directly to large organisations - see below). 

These numbers are 4 byte dotted decimal. For example: 

157.228.102.1 
We need to use logical addressing to provide a means by which we can structure 
traffic on the Internet and maintain independence from the MAC address. 

Computers are thus grouped under the organisation's or ISP's network addresses, which 
are issued in licences. Although these numbers are dotted decimal, they are actually a 
decimal representation of eight binary digits (a byte). The largest number that can be 
represented by a byte is 255 (all 0s are reserved for the network address and all 1s are 
reserved for the broadcast address; therefore the maximum available is 254). There are 
three possible types of licence: 

• Class A licences These were intended for very large organisations and were mainly 
issued to universities in the US, but are rarely issued now. In a class A licence, the 
first byte is fixed but the organisation is free to allocate addresses in the other 
bytes, giving it a maximum of 254 x 254 x 254 = 16.3 million possible addresses on 
its network. Class A licences are no longer issued. In a class A licence, the leftmost 
bit is always zero. The largest number that can be represented is therefore 127 and 
thus the range is 1-126.X.X.X (127 is reserved for the loopback address - a means 
of testing the network hardware and software on a computer). Thus, there are 126 
class A licences each with 16.3 million addresses. 

• Class B licences These were also issued to large organisations - many universities 
in the UK hold a class B licence. With a class B licence, the first two bytes are fixed, 
giving the organisation a maximum of 254 x 254 = 64,516 possible addresses on 
its network. Thus 157.228 uniquely identifies the University of Sunderland; the 
remaining parts of the address identify specific machines. Class B licences are very 
rarely issued now. The first two bits of a class B licence are always 10. Therefore the 
effective range is 128-191.X.X.X. 

• Class C licences These are the most common and are still issued. In a class C licence, 
the first three bytes are fixed, giving the organisation 254 possible addresses on its 
network. The first three bits of a class C licence are always 110, therefore the effective 
range is 192-223.X.X.X. 
Internet service providers (ISPs) either allocate IP addresses statically - that is to say, a 
machine always has the same IP address (a necessity for a web server), or dynamically 
- leased for a period (usually 24 hours), after which it needs to be renewed. Logical 
addressing is also known as layer-three addressing because it occurs at layer three of 
the OSI seven-layer model. 

Clearly few organisations will ever have 16.3 million computers (that a class A licence 
would allow) and few holding a class B licence will ever have 64,516 computers - such 
allocation of IP addresses has meant huge wastage. 

Subnetworks (subnets) 

As can be seen from the above, with class A and B licences there would be a huge number of hosts on a network. If we take class A as an example, it is possible there could be 16.7 million computers on a single network. This is akin to having all the cars in the country on one road at the same time - there would be too much traffic and everything would grind to a halt. Just as the road network comprises many roads, the computer network can also be divided into smaller networks or subnetworks (often referred to as subnets). And just as with road networks, such a division reduces the load in each subnetwork, enabling traffic to flow more freely. The key to good network design is traffic management (see Chapter 7).

The network is therefore divided using a subnetwork (or subnet) mask. As its name suggests, this is a mask (in the form of 4 bytes) that is applied to the IP address to determine the correct network for the traffic: the bits under a 1 in the mask identify the network, the bits under a 0 identify the host. The subnet mask is local to the organisation only (i.e. it is configured on each host and router and is never transmitted in the packets themselves) and is found in a computer's settings. In Windows this can be found in the Network Connections box or by running ipconfig (Windows XP and 2000) or winipcfg (in Windows 98) (Figure 3.22).
Figure 3.22: Ethernet settings (using winipcfg from Windows 98 as it is easier to understand)

In this example, we can see that the IP address is class B (157 is in the class B range).

Figure 3.23: Ethernet settings (ipconfig in Windows XP)
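The two operations described above - reading the class of an address from its leading bits, and applying a subnet mask to find the network an address belongs to - are easy to get wrong by hand, so a worked example follows. It is added here and is not part of the original text. The host 157.228.10.20 is a constructed address inside the University of Sunderland's 157.228 block mentioned above; the classes D and E rules go one step beyond the text (they follow the same leading-bits pattern), and the check that a mask is a contiguous run of ones is the practitioner's sanity test that the text does not spell out.

```python
"""Classful IP address checks and subnet mask arithmetic (added example)."""


def parse_dotted(quad):
    """Turn a dotted-quad string such as '157.228.10.20' into a 32-bit integer."""
    parts = quad.split(".")
    if len(parts) != 4:
        raise ValueError("expected four dot-separated bytes: %r" % quad)
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError("byte out of range in %r" % quad)
        value = (value << 8) | octet
    return value


def to_dotted(value):
    """Inverse of parse_dotted."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(quad):
    """Classify by the leading bits of the first byte, as the text describes:
    0xxxxxxx -> A, 10xxxxxx -> B, 110xxxxx -> C.  Classes D and E (1110, 1111)
    are beyond the text but follow the same rule; 127.x.x.x is the loopback block."""
    first = parse_dotted(quad) >> 24
    if first == 127:
        return "loopback"
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D (multicast)"
    return "E (reserved)"


CLASSFUL_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def is_valid_mask(mask):
    """A mask must be a run of ones followed by a run of zeros (e.g. 255.255.255.0),
    never a mixture such as 255.0.255.0."""
    m = parse_dotted(mask)
    ones = bin(m).count("1")
    return m == (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF


def subnet_info(quad, mask):
    """Apply the mask: bits under a 1 identify the (sub)network, bits under a 0 the host."""
    if not is_valid_mask(mask):
        raise ValueError("non-contiguous subnet mask %r" % mask)
    ip, m = parse_dotted(quad), parse_dotted(mask)
    prefix = bin(m).count("1")
    network = ip & m                          # host bits cleared
    broadcast = network | (~m & 0xFFFFFFFF)   # host bits set
    usable = 2 ** (32 - prefix) - 2 if prefix <= 30 else 0   # minus network and broadcast
    return {
        "prefix": prefix,
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1) if usable else None,
        "last_host": to_dotted(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }


def same_subnet(a, b, mask):
    """Two hosts talk directly only if the mask maps them to the same network;
    otherwise the traffic must go via the router (default gateway)."""
    m = parse_dotted(mask)
    return parse_dotted(a) & m == parse_dotted(b) & m


if __name__ == "__main__":
    host = "157.228.10.20"   # constructed host inside the university's class B block
    print(host, "is class", address_class(host))
    for mask in (CLASSFUL_MASK["B"], "255.255.255.0"):
        print(mask, subnet_info(host, mask))
    print("same subnet as 157.228.11.5 under /24?",
          same_subnet(host, "157.228.11.5", "255.255.255.0"))
```

Running it shows the point of the section: under the classful mask 255.255.0.0 the whole of 157.228.0.0 is one network of 65,534 hosts, whereas under 255.255.255.0 the same host sits in the 254-host subnet 157.228.10.0 and a host in 157.228.11.x is on a different subnet, reachable only through a router.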


Section 4: End of chapter assessment

Questions

1. Discuss how data is encoded on to a medium and why a packet structure is used. You should use any necessary diagrams to illustrate your answer.

2. For each popular networking topology, draw a diagram illustrating the topology and highlight any advantages/disadvantages of the topology.

3. Discuss the terms 'logical' and 'physical' addressing. Highlight any differences and give an example of the use of each.

Answers

1. Wherever possible, you should illustrate your answer with diagrams.

Section 5: Further reading and research

Cisco Networking Academy Program (2004) CCNA 1 and 2 Companion Guide (3rd edn). Cisco Press. ISBN 1 58713 150 1. Chapters 1, 7 and 8.

Newman, R M, Gaura, E and Hibbs, D (2002) Computer Systems Architecture. ISBN 1-903337-07-0.












CHAPTER 4: STANDARDS 

Chapter 4 

Standards 



Chapter summary

One of the most important things to understand when studying networking is the standards involved. The main set of standards that has helped networks evolve so quickly is the Open Systems Interconnection (OSI) seven-layer model. This provides a model for the development of computer communication and is fundamental to the study of networking. Other models exist, however, the two most important being the transmission control protocol/Internet protocol (TCP/IP) model and the Novell NetWare model. TCP/IP is of great importance as the Internet is built around this model; the NetWare model, however, is seen as less important in the networking industry today. This chapter concentrates on the OSI and TCP/IP models. (The benefits of the seven-layer model were discussed in Chapter 3.)

Learning outcomes

After studying this chapter you should aim to test your achievement of the following outcomes. You should be able to:

Outcome 1: OSI seven-layer model

Understand the concept of, and each layer of, the OSI seven-layer model. Question 1 at the end of this chapter will test your ability to do this.

Outcome 2: TCP/IP model

How will you be assessed on this?

This chapter is probably the most important in this book, and understanding it is key to the study of networking. You should study this chapter repeatedly until you understand it. This study shouldn't be in vain - you are almost guaranteed to be assessed on it. This is even more true of MCSE or CCNA professional qualifications.
Section 1: The OSI seven-layer model

Early computer networking evolved slowly and in a proprietary fashion until those involved in networking came together under the umbrella of the International Organization for Standardization (ISO) and developed the open systems interconnection (OSI) model. This model has been responsible for the rapid development of computer networking that has taken place and which continues to take place. Understanding the seven-layer model is an absolute necessity for the continued study of networking and for most professional qualifications.

The OSI seven-layer model

The OSI seven-layer model (sometimes referred to as the ISO seven-layer model) basically divides the complex process of computer communication into a number of defined parts that aid understanding and network development (the benefits of a layered approach are discussed in Chapter 3). Because the process is broken into parts, a supplier can concentrate on one part rather than offering a complete service. This is common practice in other areas (for example, as we saw in Chapter 3 with portable CD players). The layers of the OSI seven-layer model were given in Figure 3.21 in the last chapter but are shown here again for convenience in Figure 4.1.




  7  Application
  6  Presentation
  5  Session
  4  Transport
  3  Network
  2  Data link
  1  Physical

Figure 4.1: The OSI seven-layer model

A phrase might help you remember the order of the layers in the model. My personal favourite, which works from the bottom up, is:

Please Do Not Throw Sausage Pizza Away

There is another, 'A Powered-down System Transmits No Data Packets', which works top down.

The seven-layer model facilitates communication between any two computer systems that support the model even though their underlying architecture, encoding mechanisms (e.g. ASCII, EBCDIC) and method of storage may be totally incompatible. The model therefore allows totally incompatible machines (such as Apple Macs and PCs) to share data, to send email and to browse the web. The model achieves this by converting the data into an abstract data type that can be understood by both machine types and through handling all aspects of communication between the machines.

To take an abstract example, a French businessman wishes to speak to a Greek businesswoman over the phone. Neither can speak the language of the other and so they decide to use interpreters. Unfortunately, they cannot find a French-to-Greek interpreter in either country but can find a French-to-English interpreter in France and a Greek-to-English interpreter in Greece. By using the common language of English they have a basis for communication. They also need to establish the call (through the company telephone operator), to have mechanisms in place to redial should the connection break, to speak courteously, etc. They may also need to handle delays in the telephone network. Figure 4.2 shows how such a communication structure might look.


  French businessman              <->  Greek businesswoman
  French-to-English interpreter   <->  Greek-to-English interpreter
  Telephone operator              <->  Telephone operator
  French telephone                <->  Greek telephone
  French telephone network        <->  Greek telephone network
               International telephone network

Figure 4.2: Communicating using telephones

As can be appreciated, this process is quite complex: the business people don't need 
to know how the telephone networks operate or how the telephone operates, the 
language of the other person or even the number to dial. They simply rely on services 
provided by the others, but the services must meet standards. The seven-layer model 
uses the same concept for computer communication, although the functions of each 

layer are clearly different. 


The upper layers

The top three layers of the model are application orientated - that is, they are machine and operating-system specific, converting the data received from the network into a usable form and vice versa.

Layer 7: the application layer

The application layer is the OSI layer that is closest to the user. It differs from the other layers in that it doesn't provide services to any other OSI layer. It provides the user's applications (e.g. browsers, telnet, word processors, spreadsheets) with network services, such as file access, Internet access and shared printing. One of the best ways of remembering the application layer and its function is to think of it as the interface for browsers.

Layer 6: the presentation layer

The presentation layer is responsible for converting between data formats - putting the data to be sent into an abstract form that the other machine can understand, and converting received data into a form usable by the local machine. The presentation layer is also responsible for data compression and for handling data formats such as QuickTime.

Layer 5: the session layer

The session layer is responsible for establishing, managing and terminating sessions between the hosts, for session regulation and for exception reporting. Effectively, the session layer is the dial-up box that springs up when you try to use the network without having a connection. It also controls the dialogue between the two ends of the session. Think of the session layer as springing-up the dial-up box.


The lower layers

So far we have been discussing information as a continuous data stream. To be transmitted effectively across the network, however, the data must be broken up as it enters the process of being sent. It is in the lower layers that this breaking down happens. Hence, the lower layers are concerned with data transport, not with application issues. This boundary between the application-orientated and the transport-orientated layers lies between the session layer and the transport layer.

Layer 4: the transport layer

The transport layer segments the data from the sending host and reassembles the segments into a data stream at the receiving host. It shields the upper layers from details such as reliability and flow control, providing an error-checked end-to-end connection if one is required. (To remember this layer, think of flow control and reliability.)

Layer 3: the network layer

The network layer is a complex layer in which logical addressing resides. It is the layer that provides connectivity and path selection between the host systems. The Internet operates at this layer. The devices in it (often drawn as the 'cloud' in diagrams) are routers; every host has a logical address, and the hosts may be on geographically separate networks. The data continues to be broken down: the segments are placed into packets suitable for transmission across the internetwork. The most important elements in the packet header are the destination address and the source address - the network addresses, which on the Internet we can think of as IP addresses (see Chapter 3 for more information on IP addresses). Note that the overhead increases as we add headers and trailers at each layer. (To remember this layer, think of path selection, routing and logical addressing.)

Layer 2: the data link layer

The data link layer provides for the reliable transfer of data across a physical link. As it is tied to the physical link, it uses physical addresses. These addresses are particular to the network technology in use, so at this layer the data is becoming network dependent. Whilst the network layer chooses the route, the data link layer also covers access to the communications medium (see Chapter 5).
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The data continues to be broken up. The packets are taken from the network layer 
and are broken into frames suitable for transmission over the implemented network 
technology. Different network technologies - for example, Ethernet and Token Ring 
(see Chapter 5) - have different frame sizes and composition - just as the envelopes 
used for letters differ in size between the USA and the UK. Again, headers and footers 
are added to the data. The headers contain the physical addresses of the source and 
destination machines, and the footer contains another CRC for the frame. (To remember 
this layer, think of frames and access control.) 


Layer 1: the physical layer 

The physical layer is the very bottom of the model and is concerned with the electrical, 
mechanical, procedural and functional specifications for activating, maintaining and 
deactivating the physical link between end systems. The data is sent from this layer 
one bit at a time, perhaps as voltages on a wire. Thus the data needs to be broken 
up into further bits at this layer of the model. The properties that allow the data to be 
sent and received accurately (such as voltage levels, timing of voltage changes, physical 
data rates, etc.) need to be defined here. Maximum transmission distances, physical 
connectors and other similar attributes are defined in this layer's specification. (The best 
way to remember this layer is to think of physical properties and bits.) 
In this discussion of the seven-layer model we have looked at five distinct formats in which the data is converted or encapsulated. From the bottom up these are:

• bits (layer 1);
• frames (layer 2);
• packets (layer 3);
• segments (layer 4);
• data stream (layers 5 to 7).

Again, a phrase might help you to remember this. My favourite is British Forces Postal Service - the data (stream) simply comes at the end!


Quick test

List the seven layers of the OSI seven-layer model and briefly describe each. Now amend your answer to show how the data is encapsulated at each layer.

The seven-layer model will almost certainly crop up as an examination question at some point. The model is so fundamental to networking that an examiner is almost duty-bound to ask it! You may as well, therefore, make life simple and learn it thoroughly now.
Section 2: The TCP/IP model

The TCP/IP model has four layers; the mnemonic 'A TIN' (Application, Transport, Internet, Network access) gives their order from the top.

Application layer

This layer handles all the higher-level protocols, including the presentation of data and dialogue control - the work of the OSI presentation and session layers. Just like the OSI model, the data is properly packaged for the next layer.

Transport layer

This layer is comparable to the OSI transport layer: it segments the data from the sending host and reassembles it at the receiving host, providing end-to-end delivery.

Internet layer

This layer places the segments into packets and routes them so that they arrive at their destination independent of the path taken and of the networks crossed. It is the layer at which the Internet operates.

Network access layer

This layer is essentially a combination of the seven-layer model's physical and data link layers: it deals with all the hardware and media issues of physical networking.

Quick test

List the four layers of the TCP/IP model and briefly describe each one.

Section 3: Comparison of the models

Figure 4.4 sets the two models side by side.

  OSI seven-layer model  |  TCP/IP model    |
  Application            |                  |
  Presentation           |  Application     |  Application layers
  Session                |                  |
  Transport              |  Transport       |
  Network                |  Internet        |  Layers concerned with data flow
  Data link              |  Network access  |
  Physical               |                  |

Figure 4.4: Comparison of the OSI seven-layer model and the TCP/IP model

The similarities between the two models can be summarised as follows:

• Both are layered models and, as such, have the benefits of layering (see Chapter 3).
• Both have application layers, although the TCP/IP application layer incorporates the session and presentation layers.
• The transport layer is comparable in each.
• The Internet layer (TCP/IP) and the network layer (OSI) are comparable.
• Both assume packet-switched technology.
• Networking professionals need to understand both models.

The differences can be summarised as follows:

• TCP/IP appears simpler because it has fewer layers.
• TCP/IP combines the presentation and session layers into the application layer.
• TCP/IP combines the OSI data link and physical layers into one layer, known as the network access layer.
• The OSI seven-layer model is used as a guide around which networks are built, whereas the TCP/IP model is actually implemented - the Internet is built around it.
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pizza - don't throw it away! 












Section 4: End of chapter assessment

Questions

1. List the layers of the OSI seven-layer model and briefly describe each one.

2. List the layers of the TCP/IP model and briefly describe the function of each one.

3. Compare and contrast the OSI seven-layer model and the TCP/IP model.

Answers

1. In this kind of question the examiner is looking for two things:

• your knowledge of the layers;
• your understanding of what each layer does.

Using a phrase (perhaps 'please do not throw sausage pizza away') to get the order right, draw the seven-layer model. For that finishing touch, make the diagram networking related. You can also mention that the model is used as a guide around which networks are built. Next you need to discuss the function of each layer. If you can remember some of the standards that operate at each layer, so much the better. Remember that each layer provides a service to the layer above and uses the services of the layer below (apart from the physical layer). For really high marks, you could also discuss data encapsulation at layers 1-4 and the fact that it is a data stream at layer 5 (remember 'British Forces Postal Service').

2. Again, the examiner is looking for two things: 

• your knowledge of the layers; 

• your understanding of the functions of the layers. 

Again, use a phrase ('A TIN') to help you remember the layers and their sequence. 
Draw a diagram and, to impress, show the difference between the application- 
orientated layers and the network-orientated ones. You may further impress 
by stating that the TCP/IP model, unlike the OSI seven-layer model, is actually 
implemented - it is the one around which the Internet is built. Next, a discussion 
of each layer and its functions is required. Remember to include that each layer 
provides services to the layer above. High marks will be assured by discussing 
data encapsulation in the model (using the same mnemonic 'British Forces Postal 

Service'). 

3. This time the examiner is looking for the differences between the two models. 
The starting point is to construct a diagram similar to Figure 4.4, which compares 
the two models. It is worth spending some time getting this diagram correct as 
it will almost completely answer this question! By using the word 'compare', the 
examiner is asking for the similarities and, by 'contrast', the differences. Section 3 
provides a summarised list of the similarities and differences. Your answer should 
include these, but in a more discursive way. However, make sure you make them 
easy to find and mark! Don't forget the major difference is that the OSI model is just 
that - a model - whereas the Internet is built around the TCP/IP model. 

Section 5: Further reading and research 

Most comprehensive texts on networking will provide you with further reading on this 
topic. 

Cisco Networking Academy Program (2004) First Year Companion Guide (3rd edn) Cisco 
Press. ISBN: 1 58713 150 1. Chapters 2,7. 




CHAPTER 5: POPULAR TECHNOLOGIES

Chapter 5

Popular technologies

Chapter summary

This chapter does not seek to cover all the networking technologies that exist, only the popular ones in use today.

Learning outcomes

After studying this chapter you should aim to test your achievement of the following outcomes. You should be able to:

Outcome 1: Ethernet networks

Understand the development, variants, method of access, typical uses and hardware components of Ethernet networks. Question 1 at the end of this chapter will test your ability to do this.

Outcome 2: Token Ring networks

Understand the development, variants, method of access, typical uses and hardware components of Token Ring networks. Question 2 at the end of this chapter will test your ability to do this.

Outcome 3: FDDI networks

Understand the operation, typical uses and hardware components of fibre distributed data interface (FDDI) networks. Question 3 at the end of this chapter will test your ability to do this.

Outcome 4: ATM networks

Understand the operation, typical uses and hardware components of asynchronous transfer mode (ATM) networks. Question 4 at the end of this chapter will test your ability to do this.

How will you be assessed on this?

The technologies covered in this chapter represent the range of technologies in use today. The assessment of your studies is almost guaranteed to include them. Commonly, assessments are in the form of a design (in an assignment) and, as part of a TCT, questions regarding their particular features. You are often asked

Section 1: Ethernet networks (IEEE 802.3)

Ethernet (IEEE 802.3) networks are the most popular networks in the world, and the technology is continuing to develop in response to various organisations' needs. It is widely implemented everywhere and looks like being the LAN of choice for some considerable period of time. As such, it is the network that is given the greatest treatment in this chapter.

Method of access

Initially Ethernet was a bus network (see Chapter 3), and its method of access is known as Carrier Sense Multiple Access with Collision Detection (CSMA/CD). The assembled data is broadcast (like a TV programme but occupying the whole frequency) over the media. The steps involved in a transmission can be summarised as follows:

• Listen to the network.
• If it is clear, begin transmission of the frame.
• Continue to listen to the network while transmitting.
• If a collision is detected (i.e. two frames colliding with one another), send out a jamming signal.
• If the jamming signal is heard, stop transmitting and wait for a random time period before retrying.

Figure 5.1 shows two Ethernet stations (A and C) that wish to transmit at the same time. Both are listening to the network: there is no transmission and so both begin to transmit. The frames eventually collide and both are lost, requiring retransmission. The time taken from the start of transmission, through the collision, to the end of the random time period is, therefore, wasted time.



Figure 5.1: An Ethernet collision 

The problem with traditional Ethernet (10Base2 and 10Base5) is that the more frames that are transmitted, the higher is the probability of a collision. And the greater the number of collisions, the more frames that require retransmission. Whilst all this is going on, very little data is getting through, and the users experience severe delays. This tends to happen when the data presented to the network exceeds 7 Mbps. Traditional Ethernet is therefore useful in situations of moderate load and particularly useful for short, bursty traffic loads.

It must be understood that the medium is shared; indeed, this is absolutely fundamental when moving on to the later variants of Ethernet. It may help to draw an analogy. Suppose that an army commander needs to get a message through enemy territory during a battle. He writes a note and gives this to a dispatcher. Both listen and, if all is calm, the dispatcher goes out. Once he's gone the commander listens again. If a shot is heard, the commander knows the message didn't get through and so sends out another dispatcher. The more intense the battle, the more messages are lost and the fewer get through.

Ethernet frame formats

Ethernet carries data in frames. Packets are the units used by the Internet Protocol (IP) at the network layer; the data link layer places each packet inside a frame before it crosses the network. Each variant of Ethernet uses a specific frame format; a typical one is shown in Figure 5.2. The data field can carry between 0 and 1500 bytes, but a frame must reach a minimum length, so a short packet has to be 'padded out' with up to 46 bytes of padding (frame contents are discussed in more detail in Chapter 6).

  Preamble | Destination address | Source address | Length | Data (0-1500) | Padding (46-0) | Frame check sequence

Figure 5.2: Ethernet frame structure
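The frame layout in Figure 5.2 is the last step of the encapsulation sequence described in Chapter 4 (data stream, segments, packets, frames, bits), so one worked example serves both passages. It is added here and is not part of the original text: the code carries a data stream through a UDP segment and an IPv4 packet (both real header formats) into an 802.3-style frame with the length field, minimum-length padding and a CRC-32 frame check sequence from Figure 5.2, then shows the receiver checking the FCS and using the length field to discard the padding. The ports, IP addresses and MAC addresses are constructed; the UDP checksum is left at zero (permitted for IPv4) to keep the example short.

```python
"""Encapsulation from data stream to bits: UDP segment -> IPv4 packet -> Ethernet frame
(added example; ports and addresses are constructed)."""
import struct
import zlib

MTU = 1500                          # largest Ethernet data field
MIN_DATA = 46                       # smallest Ethernet data field; shorter payloads are padded
PREAMBLE = b"\x55" * 7 + b"\xd5"    # 7 preamble bytes + start-frame delimiter, sent before each frame


def ones_complement_sum(data):
    """Internet checksum (RFC 1071) as used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def segments(stream, mss):
    """Layer 4: chop the data stream into UDP datagrams of at most `mss` bytes.
    UDP header = source port, destination port, length, checksum (0 = not used)."""
    out = []
    for i in range(0, len(stream), mss):
        chunk = stream[i:i + mss]
        out.append(struct.pack("!HHHH", 40000, 7, 8 + len(chunk), 0) + chunk)
    return out


def packets(segs, src_ip, dst_ip):
    """Layer 3: add a 20-byte IPv4 header carrying the logical (IP) addresses."""
    out = []
    for ident, seg in enumerate(segs):
        # version/IHL, TOS, total length, id, flags/offset, TTL, protocol 17 (UDP), checksum, src, dst
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(seg), ident, 0, 64, 17, 0, src_ip, dst_ip)
        hdr = hdr[:10] + struct.pack("!H", ones_complement_sum(hdr)) + hdr[12:]
        out.append(hdr + seg)
    return out


def frames(pkts, src_mac, dst_mac):
    """Layer 2: 802.3 frame = destination MAC, source MAC, length, data, padding, FCS (CRC-32).
    The length field records the real data length so the receiver can discard the padding."""
    out = []
    for pkt in pkts:
        if len(pkt) > MTU:
            raise ValueError("packet of %d bytes exceeds the Ethernet MTU" % len(pkt))
        payload = pkt + b"\x00" * max(0, MIN_DATA - len(pkt))
        body = dst_mac + src_mac + struct.pack("!H", len(pkt)) + payload
        out.append(body + struct.pack("<I", zlib.crc32(body)))   # FCS goes on the wire little-endian
    return out


def bits(frame):
    """Layer 1: the bit string that goes on the wire, preamble first."""
    return "".join(format(byte, "08b") for byte in PREAMBLE + frame)


def fcs_ok(frame):
    """Receiver-side check: recompute the CRC over everything except the trailing FCS."""
    return struct.pack("<I", zlib.crc32(frame[:-4])) == frame[-4:]


def decapsulate(frame):
    """Reverse layer 2: return (dst_mac, src_mac, packet) with the padding stripped."""
    if not fcs_ok(frame):
        raise ValueError("frame check sequence mismatch")
    length = struct.unpack("!H", frame[12:14])[0]
    return frame[:6], frame[6:12], frame[14:14 + length]


def encapsulate(stream, src_ip, dst_ip, src_mac, dst_mac, mss=MTU - 28):
    """Carry `stream` down the stack; mss leaves room for the 20 IP + 8 UDP header bytes."""
    segs = segments(stream, mss)
    pkts = packets(segs, src_ip, dst_ip)
    frs = frames(pkts, src_mac, dst_mac)
    wire_bytes = sum(len(PREAMBLE) + len(f) for f in frs)
    return {"segments": segs, "packets": pkts, "frames": frs,
            "wire_bits": wire_bytes * 8, "overhead_bytes": wire_bytes - len(stream)}


if __name__ == "__main__":
    # constructed addresses: two hosts in the 157.228 block, locally administered MACs
    src_ip, dst_ip = bytes([157, 228, 10, 20]), bytes([157, 228, 11, 5])
    src_mac, dst_mac = bytes.fromhex("0200c0ffee01"), bytes.fromhex("0200c0ffee02")
    result = encapsulate(b"hi", src_ip, dst_ip, src_mac, dst_mac)
    frame = result["frames"][0]
    print("frame of %d bytes, %d bits on the wire, %d bytes of overhead for 2 bytes of data"
          % (len(frame), result["wire_bits"], result["overhead_bytes"]))
    print("receiver recovers packet:", decapsulate(frame)[2] == result["packets"][0])
```

Two bytes of application data become a 64-byte frame (the Ethernet minimum) plus the 8-byte preamble, which makes the growing overhead mentioned in Chapter 4 concrete; a 3000-byte stream, on the other hand, is split into three segments because each packet must fit the 1500-byte MTU. Flipping a single bit anywhere in a frame makes fcs_ok() fail, which is the error detection the CRC in the footer is there to give.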


Ethernet variants

Ethernet needs a bus or tree topology (the later variants are wired as a star around a hub or switch but still behave as a bus). A naming convention (shown in Figure 5.3) has been adopted for Ethernet.

  10Base5
  |    |
  |    Maximum number of metres (in hundreds) per cable segment: 2 or 5 denotes coaxial cable
  |    (NB: T denotes twisted pair.)
  Speed of the connection in Mbps

Figure 5.3: Ethernet naming convention

Table 5.1 summarises the variants.

  Variant     | Cable type          | Max. dist./segment  | Topology
  10Base5     | 10 mm coaxial       | 500 m               | bus/tree
  10Base2     | 5 mm coaxial        | 185 m               | bus/tree
  10 Gigabit  | single-mode fibre   | up to 40 km         | star (switched)

Table 5.1: Ethernet variants




10Base5

10Base5 is the original form of Ethernet, so its importance can hardly be overstated. It is easily distinguished by the thick 10 mm coaxial cable and operates on the bus/tree topology. Because of the 500 m segment length of this cable, after initially being used for whole networks it became the backbone connecting LANs formed with 10Base2. Because of the thickness and rigidity of the cable, adding a station required the use of a specialist device, called a vampire tap, to be installed on the cable (Figure 5.5); the station's transceiver (either in-built or external) then attaches to the tap (Figure 5.4). Installation is expensive because of the costs associated with the taps and cabling, and new cards are not available as this variant is now obsolete.

Figure 5.4: 10Base5 Ethernet tap and transceiver (image courtesy of Blackbox Networks)


Figure 5.5: Installation of a vampire tap (image courtesy of Surasak Sanguanpong, Kasetsart University, Thailand)


10Base2

10Base2 was very popular due to its very low installation and hardware costs (hence it was also known as cheapernet). It is based on 5 mm coaxial cable (very similar to TV aerial cable) fitted with BNC (bayonet Neill-Concelman) connectors (see Figure 5.6). Its price made it popular for small networking applications (e.g. lawyers' offices, estate agents, small companies and the home). Adding machines to the network was also easy: break the cable, insert a T piece and connect the new computer. Providing certain standards were adhered to, the computer would operate. All that was needed to construct a two-station 10Base2 network was two 10Base2 Ethernet network interface cards (NICs) (approximately £10 each at the end-of-life price in early 2003), a piece of cable (around £5 at the end-of-life price in 2003) and the T pieces to join them.




Figure 5.6: Typical 10Base2 connectors - a non-break Ethernet connector, BNC connectors and a T piece
The advantages of 10Base2 were:

• low kit requirements;
• easy extension, which minimises disruption to the installation.

Disadvantages were:

• poor performance for busy networks (e.g. college multi-user labs);
• a single cable break takes down all computers (although non-break connectors were invented to reduce this risk).
10BaseT

Whilst 10Base2 probably ensured the success of Ethernet over its competitors, it still suited only small networks. In the mid-1990s many organisations were looking to structure their communications and cabling, and Token Ring (its main competitor) could offer this. 10BaseT Ethernet was developed in response.

10BaseT Ethernet is based on a star topology with a hub (Figure 5.7) at the centre. 10BaseT uses RJ-45 connectors and twisted pair cabling (Figure 5.8). This makes the system resilient to cable break problems: a break affects only the one station on that cable. It also allows an organisation to structure its communications cabling, so the management and maintenance of the network is somewhat easier than in the past. The method of access is, however, no different: the hub repeats every frame to all the ports, so the stations contend with one another just as in a bus topology, and the network therefore still works as though it were a bus. Collisions still occur and capacity is lost.

Figure 5.7: 10BaseT hub

10BaseT is now a largely dead technology, with the price of 100BaseT equipment having fallen so much as to be comparable to 10BaseT.

Advantages of 10BaseT were:

• structured cabling;
• resilience to cable breaks;
• low cost of components;
• company reorganisation is easier to accommodate.

Disadvantages were:

• capacity is still lost to collisions;
• installation costs are high compared to 10Base2;
• the hub is a single point of failure (as with all star-based technologies).

Figure 5.8: RJ-45 connector
100BaseT

100BaseT runs at 100 Mbps and is normally built around a switch rather than a hub. The switch also allows simultaneous transmissions between different pairs of ports on the network (Figure 5.9), firmly establishing Ethernet as the network of choice for most organisations.

Figure 5.9: Switched ports

The costs of 100BaseT were initially high but have since fallen dramatically: a NIC can be bought for as little as £16 (at 2005 prices), and it is possible to build a two-station network without a switch for about £2, using a crossover cable.

The major advantages of switch-based 100BaseT are:

• the virtual elimination of collisions;
• the high-speed data throughput;
• it was the quickest desktop networking solution;
• its costs are now very low, making it the obvious choice.

The main disadvantage of 100BaseT is the switch, which represents a single point of failure (as with all star-based technologies).

100BaseT is the EIA/TIA's recommended desktop networking standard.
100BaseFX

In 1995, a fibre optic version of 100Base Ethernet was brought to market as a conversion technology to overcome problems where the cabling has to pass through a particularly electrically noisy environment (e.g. a motor room): as the signal is light on a fibre, the link is immune to electrical interference. It is not, however, a common variant of Ethernet, hence its limited discussion.
1000BaseT (or Gigabit Ethernet)

Gigabit Ethernet was developed quickly (the work of the Gigabit Ethernet Alliance took only 18 months) and offers an easy upgrade path from 100BaseT. Gigabit Ethernet can now be found on servers and in the networking infrastructure that provides connections between switches. In 2004 there was a major price drop: a NIC that cost £105 in 2003 cost £11 in 2005, and a switch could be had for just £42 in 2005. Like 100BaseT, Gigabit Ethernet provides both full and half-duplex operation, giving the possibility of simultaneous 1000 Mbps receive and transmit. Given its dramatic price fall, we may well see Gigabit Ethernet to the desktop in the near future.

As with 100BaseT, the main disadvantage is that the switch represents a single point of failure (as with all star-based technologies).
10 Gigabit Ethernet

10 Gigabit Ethernet (10GE) was proposed in February 2000, with Cisco Systems among the members of the 10 Gigabit Ethernet Alliance. 10GE is designed to operate as uplinks between wiring closets rather than to the desktop. It is capable of a transmission distance of 40 km over single-mode fibre, making it suitable as a MAN and possibly a WAN technology as well as a LAN one. Connection is via a switch. As this is essentially a backbone technology, PC and server cards aren't yet applicable. Initially, 10GE will see deployment in large organisations that require high-bandwidth backbones for capacity, backup/disaster recovery or high availability. As with GE, prices will fall as the technology becomes more widely adopted.

Wireless LAN (WLAN)

Although the first wireless LAN standard dates from 1997, it was around 2001 that many products were developed, and the take-up in organisations since then has been phenomenal: WLANs are now commonplace just about everywhere (e.g. in the office, at home, in cafes and on trains). A WLAN operates by utilising radio waves as the medium of transmission. Access is on a shared basis, so WLANs provide less bandwidth than conventional wired systems.

Interoperability between products is certified by the Wi-Fi Alliance (formerly the Wireless Ethernet Compatibility Alliance, WECA). Just as the 802.3 Ethernet standards allow for multiple media, so does the 802.11 standard. Specified media include:

• infrared light;
• the 2.4 GHz frequency band;
• the 5 GHz frequency band.

The following table summarises the various standards available in 2005.

  Standard  | Ratified  | Network          | Frequency  | Speed
  802.11    | 1997      | Proprietary      | 2.4 GHz    | 1-2 Mbps
  802.11a   | 1999      | Standards based  | 5 GHz      | 54 Mbps
  802.11b   | 1999      | Standards based  | 2.4 GHz    | 11 Mbps
  802.11g   | 2003      | Standards based  | 2.4 GHz    | 54 Mbps

It must be remembered that access to a WLAN is similar to that of Ethernet based upon a hub: the bandwidth is shared between all the users of an access point. Thus the 54 Mbps of 802.11g is particularly welcome, as it is shared by every station associated with the access point, and the number of users of an access point, unlike a hub, is not limited by the number of ports.

Set up of WLANs is very simple. An access point (essentially a radio transceiver) connects to the organisational LAN; the connection is usually a UTP connection and commonly supplies power to the transceiver as well. Each client machine needs a WLAN card installed and may need registering as being able to use the WLAN. After that, the users are free to access the network. Normal rules governing radio apply: the closer you are to the access point, the better the speed of connection. As you move further away, the speed is stepped down.

In 2005, a typical 54 Mbps wireless access point offered connectivity comparable to a conventional wired LAN but requiring far less cabling, allowing businesses to be networked with less disruption and lower installation costs.
Figure 5.12: Cisco Aironet 1400 outdoor WLAN bridge
(image courtesy of Cisco Systems Inc.)

Figure 5.13: A selection of WLAN antennas
(image courtesy of Cisco Systems Inc.)

We may well see broadband services being distributed to the home via WLAN technology in the future, as the cost of implementation will be dramatically less than installing ground cabling.

The major advantages of WLANs are:

• easy and low-cost installation;

• the ability to provide connection unobtrusively, e.g. in airline lounges;

• rapid deployment;

• mobility.

Disadvantages of WLANs are:

• slow speed;

• security issues: because the medium is shared radio, anyone within range can capture frames, so traffic must be encrypted; the original WEP scheme was shown to be weak and WPA2 or WPA3 should be used instead, but there is still a fear of eavesdropping;

• increased radio waves in the working environment and associated health worries.


Briefly list the main variants of Ethernet, together with their advantages and 
disadvantages. 
to be circulating endlessly. The monitor station can then take action to clean up the
network by replacing the frame with a free token frame. Supposing machine B is the 
monitor station, we will re-run the example above. Machine A transmits the data packet 
to machine C. The frame passes through machine B (the monitor station), which sets 
the monitor bit. The frame passes through machine C which copies the data. Machine 
C then sets the address recognised bit and the data copied bit. The frame then passes 
through machines D and E. Let's assume the sender (machine A) has suffered a failure 
and has gone down. The switching technology in Token Ring means machine A will be 
bypassed and so the frame passes to machine B. At this point, the frame is circulating 
endlessly and so no one else can transmit. The monitor station (machine B) notices 
that the monitor bit is already set, indicating it has seen the frame before. The monitor 
station generates a new free token and places it on to the network (in place of the data 
packet). As a further precaution, the machines 'on standby' to become monitor stations 
periodically inquire whether they can become the monitor station. Thus, if the monitor 
station should go down, the network will be able to continue. 






An analogy to help you remember Token Ring operation is a relay race - you can't 
run without the baton (the free token) and you must pass it on when you have run 
round the track once. The baton gives you access to the track (the media). 


Token Ring hardware 

Although a ring, Token Ring operates as a star format and has, at its centre a Multistation 
Access Unit or MAU (see Figure 5.15). The MAU simply connects the stations together in 
a ring but, in the event of a cable being broken or a machine going down, the MAU can 
bypass the port. Every machine on the network needs a Token Ring networking card. 
The cable used for a Token Ring is, typically, shielded twisted pair (STP) (see Chapter 3). 



Figure 5.15: Token Ring MAU 
(courtesy of Blackbox Networks) 


Token Ring frame structure 

Token Ring has two frame formats - a free token frame and a data frame. Figure 5.16 
shows the free token and Figure 5.17 the data frame. 


Start delimiter (1 byte) | Access control (1 byte) | End delimiter (1 byte)

Figure 5.16: Structure of Token Ring free token



Figure 5.17: Structure of Token Ring data frame

Figure 5.18: Structure of the access control part of the data frame
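The access-control byte of Figures 5.16 to 5.18 and the monitor-station behaviour described above (the monitor bit being set on the first pass and an orphaned frame being purged on the second), as one added Python example; this is not code from the textbook. The PPP T M RRR bit layout (priority, token, monitor, reservation) is the IEEE 802.5 layout; the five-station ring, the station names and the "sender fails after transmitting" scenario are constructed for the illustration.

```python
"""Token Ring access-control byte and a ring simulation with a monitor station.

Added example, not from the textbook. The access-control byte follows the
IEEE 802.5 layout PPP T M RRR (priority, token, monitor, reservation). The
ring, station names and failure scenario below are constructed.
"""
from dataclasses import dataclass

TOKEN_BIT = 0x10     # T: 0 = free token, 1 = data frame
MONITOR_BIT = 0x08   # M: set by the active monitor as a data frame passes it


def access_control(priority: int, token: bool, monitor: bool, reservation: int) -> int:
    """Build the 1-byte access-control field PPP T M RRR."""
    if not (0 <= priority <= 7 and 0 <= reservation <= 7):
        raise ValueError("priority and reservation are 3-bit fields")
    return (priority << 5) | (TOKEN_BIT if token else 0) | (MONITOR_BIT if monitor else 0) | reservation


def decode_access_control(ac: int) -> dict:
    """Split an access-control byte back into its four fields."""
    return {"priority": ac >> 5, "token": bool(ac & TOKEN_BIT),
            "monitor": bool(ac & MONITOR_BIT), "reservation": ac & 0x07}


@dataclass
class Frame:
    ac: int = 0                        # a fresh free token: T=0, M=0
    sender: str = ""
    dest: str = ""
    payload: bytes = b""
    address_recognised: bool = False   # A bit of the frame-status field
    frame_copied: bool = False         # C bit of the frame-status field

    @property
    def is_token(self) -> bool:
        return not (self.ac & TOKEN_BIT)


def simulate(ring, monitor, sender, dest, payload, sender_fails=False, max_hops=30):
    """Pass a token/frame round `ring` (station names in ring order); return the events.

    `sender` seizes the free token and sends `payload` to `dest`. With
    sender_fails=True the sender goes down right after transmitting, so it can
    never strip its own frame; the monitor station sets the M bit on the first
    pass, sees it already set on the second, purges the frame and issues a new token.
    """
    events = []
    alive = set(ring)
    frame = Frame()                  # a free token arriving at the sender
    pending = payload
    i = ring.index(sender)
    for _ in range(max_hops):
        station = ring[i]
        i = (i + 1) % len(ring)
        if station not in alive:
            events.append(f"{station}: down, port bypassed by the MAU")
            continue
        if frame.is_token:
            if station == sender and pending is not None:
                frame = Frame(ac=TOKEN_BIT, sender=sender, dest=dest, payload=pending)
                pending = None
                events.append(f"{station}: seized the token, sent data frame to {dest}")
                if sender_fails:
                    alive.discard(sender)
            continue
        # A data frame is passing this station.
        if station == monitor:
            if frame.ac & MONITOR_BIT:
                events.append(f"{station}: monitor bit already set, orphan frame purged, new token issued")
                return events
            frame.ac |= MONITOR_BIT
            events.append(f"{station}: monitor bit set")
        if station == frame.dest:
            frame.address_recognised = True
            frame.frame_copied = True
            events.append(f"{station}: address recognised, data copied")
        elif station == frame.sender:
            status = "delivered" if frame.frame_copied else "not delivered"
            events.append(f"{station}: own frame returned ({status}), stripped, new token issued")
            return events
    events.append("hop limit reached")
    return events


if __name__ == "__main__":
    ring = ["A", "B", "C", "D", "E"]
    for line in simulate(ring, monitor="B", sender="A", dest="C", payload=b"hello"):
        print(line)
    print("---")
    for line in simulate(ring, monitor="B", sender="A", dest="C", payload=b"hello", sender_fails=True):
        print(line)
```

Running the block prints the healthy exchange (A sends, B sets M, C copies, A strips) followed by the failure case, where A is bypassed and B purges the frame on its second pass. The simulation assumes the monitor and the sender are different stations, as in the text's example.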


Advantages/disadvantages of Token Ring

Token Ring has the following advantages:

• It is a much fairer method of access.

• Bandwidth is not lost to collisions.

• It is able to prioritise data flows.

Its disadvantages are as follows:

• Costs are much higher than Ethernet.

• Speed is not as great as 100BaseT.


Quick test

Briefly describe the mode of operation of a Token Ring network.



Token Ring and Ethernet are two of the 
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Method of access and operation 

FDDI operates in a similar manner to Token Ring and it is also based on a ring topology. 
It uses fibre optic cabling (see Figure 5.19) and offers speeds of up to 100 Mbps in 
private networks. Its dual concentric rings also provide greater resilience to cable 
breaks (if one cable is cut or breaks, the data can use the other cable). One of the rings 
operates in a clockwise fashion and the other anti-clockwise to ensure all nodes are 
in reach. FDDI uses the same method of operation and access to the media as Token 
Ring networks and it uses similar flags for recognised address and data copied. FDDI is 
used in backbone cabling and to link together networking devices, such as switches and 
hubs (see Chapter 6), as shown in Figure 5.20. 



Figure 5.19: Fibre optic cabling - glass fibre and cladding, plastic shield, Kevlar reinforcing material, outer jacket, multimode connector (courtesy of Cisco Systems Inc.)



Figure 5.20: A typical FDDI deployment 


Advantages/disadvantages of FDDI 

The major advantages of FDDI are as follows: 

• Its speed as compared with such technologies as conventional Ethernet and Token 
Ring (FDDI was available when 10Base2 was the standard for LAN cabling). 

• Its robustness. 


• The distance it can cover - fibre optic can carry data further than copper without 
the need for signal regeneration (2 km between nodes). 
The major disadvantages of FDDI are as follows:

• Its speed when compared to Gigabit Ethernet.

• It is not in harmony with the telephone network and therefore provides slower links over public networks.


Quick test 

Briefly describe an FDDI network and its uses. 

Section 4: Asynchronous Transfer Mode (ATM)

Figure 5.21: A typical ATM configuration

Advantages/disadvantages of ATM 

ATM has the following advantages: 

• It is harmonised with the telephone network, providing 155 Mbps connection external to the organisation.

• It has a higher speed than FDDI. 

The disadvantages of ATM include the following: 

• costs (compared with the gigabit Ethernet); and 

• speed (compared with the gigabit Ethernet). 












international data links.

Quick test

Briefly describe an ATM network and outline why it is so revolutionary.

Section 5: End of chapter assessment

1. Describe the mode of access of Ethernet technology, and outline the major developments of this technology.

2. Discuss the way Token Ring operates. Highlight its advantages and disadvantages as compared to conventional (10Base2 and 10Base5) Ethernet.

3. Discuss FDDI technology, highlighting its mode of operation and typical uses.

4. Discuss ATM technology, explaining why ATM is so revolutionary.
Answers

1. This question in one form or another is very popular in assessments and exams. 
Such is the importance of the technology that the examiner is almost obliged to 
test you on it! What the examiner is essentially looking for is that you: 

• understand the method of accessing the media (CSMA/CD); 

• understand that it is unfair and can result in a large amount of wasted 
bandwidth; 

• can sensibly discuss its shortcomings. 

Once you have demonstrated this you should aim to discuss each variant within the 
technology. For each you should discuss: 

• its topology and typical configuration; 

• the speeds attainable; 

• the distances covered and typical costs; 

• typical connectors and wiring; 

• typical applications; 

• advantages and disadvantages. 

You should then summarise your answer, drawing conclusions relevant to the 
question. 

2. To answer this you need to highlight the way in which Token Ring technology 
operates and draw out the fact that it is a much fairer method of access than 
CSMA/CD. You should outline the typical structure of Token Ring, its topology 
and typical applications. It is important that you highlight that the expected delay 
for Token Ring is proportional to the number of stations connected. You should 
next compare and contrast Token Ring with Ethernet and highlight the relevant 
advantages and disadvantages of each. In doing this you will need to discuss each 
one with respect to the various stages of Ethernet development. 

3. To answer this question you will need to highlight the mode of operation of Token 
Ring networks and the fact that FDDI is essentially the same. You should outline 
the topology and typical cabling solutions of the network and ideally show these 
diagrammatically. You should also outline the speeds attainable by FDDI and its 
typical applications. It is worth pointing out that fibre covers a longer distance than 
copper and is less susceptible to noise and errors than copper. Also highlight the 
fact that FDDI was the EIA/TIA recommended backbone for many years. 

4. To answer this you will need to discuss ATM technology. In particular, the assessor 
is looking for your ability to discuss what is so radical about this technology and 
the major breakthrough it represents. Don't disappoint - demonstrate you know 
it is an internationally agreed standard in harmony with the telephone network. 
You should also mention that it was used by organisations for a number of years 
as a backbone as it was faster than FDDI technology. However, you should note 
that take-up was not tremendous as Gigabit technology was on the horizon. You 
must make sure you mention that ATM is in harmony with the telecommunications
network and that it can provide high-speed links externally to the organisation.

Section 6: Further reading and research 

Cisco Networking Academy Program (2004) CCNA 1 and 2 Companion Guide (3rd edn).
Cisco Press. ISBN: 1 58713 150 1. Chapter 6.

www.bt.com (you can find the prices for external lines from here - e.g. ATM). 
Chapter 6

Popular networking devices

The popular networking devices covered in this chapter are:

• NICs;

• modem;

• repeater;

• hub;

• bridge;

• switch;

• router;

• Multiprotocol Layer Switch (MPLS)/Router Switch Module (RSM);

• gateway.

Each is explored in turn in this chapter.

Learning outcomes 

After studying this chapter you should aim to test your achievement of the following outcomes. You should be able to:

Outcome 1: Interconnection provided by a network interface card (NIC)

Understand what a NIC is and its essential role in networking.

Outcome 2: Collision and broadcast domains

Understand what is meant by the terms collision and broadcast domain and understand which devices provide containment.

Outcome 3: Interconnection based on a repeater 

Understand the function, interconnections and typical uses of a repeater. 

Outcome 4: Interconnection based on a hub 

Understand the function, interconnections and typical uses of a hub. 

Outcome 5: Interconnection based on a bridge 

Understand the function, interconnections and typical uses of a bridge. 

Outcome 6: Interconnection based on a switch

Understand the function, interconnections and typical uses of a switch. 

Outcome 7: Interconnection based on a MAU 

Understand the function, interconnections and typical uses of a MAU. 

Outcome 8: Interconnection based on a router 

Understand the function, interconnections and typical uses of a router. 

Outcome 9: Interconnection based upon RSM/MPLS 

Understand the function, interconnection and typical uses of an RSM/MPLS. 

Outcome 10: Interconnection based around a gateway 

Understand the need for a gateway and its role in internetworking. 

How will you be assessed on this? 
Section 1: Interconnection provided by a Network Interface Card (NIC)

Introduction

Figure 6.1: Typical network interface cards

not connect to a PCI-only architecture). Secondly, the architecture should be capable of supporting the NIC's speed requirements (e.g. a 100BaseT ISA network card could never achieve anything like 100 Mbps, as the ISA bus cannot carry data that fast). Other important factors to consider when selecting a NIC are:

• the operating system (are the NIC drivers supported?); 

• the media type (UTP, coaxial); 

• the network architecture; 

• the data transfer speed. 





In plumbing terms, the NIC is the equivalent of the water inlet/waste outlet on a washing machine. The water inlet gives the washing machine access to the services of the water network. The drains then provide services for output.

Quick test

Briefly outline the function of a NIC and the factors that should influence its choice.


Section 2: Collision and broadcast domains 


Introduction 

There are two major considerations when discussing a networking kit based upon 
Ethernet technology. As we saw in Chapter 5, Ethernet method of access (CSMA/CD) 
causes collisions, which can be a major problem as these waste bandwidth and can 
cause delays. There is also the possibility of broadcasting a transmission to all the stations 
on the network. It is essential you appreciate these considerations before looking at 

networking hardware in more detail. 


Broadcast domain 


As noted above, it is often necessary to send a message to every machine on a network. System administrators often need to alert all users about a problem, an impending shutdown, etc. Indeed, broadcasts are a normal part of Ethernet operation. To obtain the MAC address of a destination computer, the sender broadcasts a request asking the machine with a given IP address to respond with its MAC address (this is the Address Resolution Protocol (ARP)). To broadcast, the broadcast address (all 1s in Ethernet, i.e. FF:FF:FF:FF:FF:FF) is placed into the destination address field of the frame. Every machine on the network will then receive this frame. Note that nothing in ARP proves that a reply is genuine: any machine in the broadcast domain can answer for any IP address, which is why a hostile machine on the same LAN can redirect traffic simply by answering ARP requests for the router's address. If a great many machines send out broadcasts at once, this places an unnecessarily heavy load on the LAN. Ideally, the number of machines that receive a broadcast should be limited, or the machines should be grouped together in some way. Such groupings are termed broadcast domains. Networking kit is available to contain such broadcasts - the router (see later).




Think of a large company with several departments. The sales director may send 
out a sales update to his or her staff, as might the production manager. However, 
those people won't send the updates to other departments in the company as this 
would be unnecessary. They are thus broadcasting the information to their own 
departments, but departmental structure ensures the information broadcast is 
contained within the one department - broadcast containment. The departmental 
structure has split the company into broadcast domains. 
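The ARP exchange described above (a broadcast request, a unicast reply) built and decoded byte by byte, plus the check a practitioner would run over captured ARP replies to spot two machines claiming the same IP address. This is an added Python example, not code from the textbook; the three frames are constructed with struct.pack rather than captured, and all MAC and IP addresses in them are made up.

```python
"""Ethernet broadcast and ARP frames: build, parse and spot conflicting replies.

Added example, not from the textbook. The three sample frames are
constructed with struct.pack rather than captured; the MAC and IP
addresses are made-up values.
"""
import struct

ETHERTYPE_ARP = 0x0806
BROADCAST_MAC = b"\xff" * 6          # 'all 1s' Ethernet broadcast address
ARP_REQUEST, ARP_REPLY = 1, 2
_ETH = "!6s6sH"                      # dst MAC, src MAC, EtherType (14 bytes)
_ARP = "!HHBBH6s4s6s4s"              # htype, ptype, hlen, plen, op, sha, spa, tha, tpa (28 bytes)


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op, sender_mac, sender_ip, target_ip, target_mac="00:00:00:00:00:00"):
    """Return a complete Ethernet+ARP frame.

    A request goes to the Ethernet broadcast address so every machine sees it;
    a reply goes back as a unicast frame to the requester's MAC.
    """
    eth_dst = BROADCAST_MAC if op == ARP_REQUEST else mac_bytes(target_mac)
    eth = struct.pack(_ETH, eth_dst, mac_bytes(sender_mac), ETHERTYPE_ARP)
    arp = struct.pack(_ARP, 1, 0x0800, 6, 4, op,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp


def parse_arp(frame: bytes):
    """Decode an Ethernet frame; return a dict for ARP, None for anything else."""
    if len(frame) < 42:
        return None
    eth_dst, eth_src, ethertype = struct.unpack(_ETH, frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    _, _, _, _, op, sha, spa, tha, tpa = struct.unpack(_ARP, frame[14:42])
    return {"broadcast": eth_dst == BROADCAST_MAC, "eth_src": mac_str(eth_src), "op": op,
            "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


def conflicting_claims(frames):
    """Map each IP claimed by more than one MAC in ARP replies to the set of MACs.

    ARP carries no authentication, so two different MACs answering for the
    same IP (typically the router's) is the classic sign of ARP spoofing.
    """
    claims = {}
    for frame in frames:
        p = parse_arp(frame)
        if p and p["op"] == ARP_REPLY:
            claims.setdefault(p["sender_ip"], set()).add(p["sender_mac"])
    return {ip: macs for ip, macs in claims.items() if len(macs) > 1}


# Constructed sample: a host asks for the router, the router answers, then a
# second machine also answers for the router's address.
SAMPLE_FRAMES = [
    build_arp(ARP_REQUEST, "00:0c:29:aa:bb:01", "192.168.1.10", "192.168.1.1"),
    build_arp(ARP_REPLY, "00:11:22:33:44:55", "192.168.1.1", "192.168.1.10",
              target_mac="00:0c:29:aa:bb:01"),
    build_arp(ARP_REPLY, "de:ad:be:ef:00:01", "192.168.1.1", "192.168.1.10",
              target_mac="00:0c:29:aa:bb:01"),
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(parse_arp(f))
    print("conflicts:", conflicting_claims(SAMPLE_FRAMES))
```

The same parse-and-compare logic applied to a real capture is how tools such as arpwatch raise an alarm; the containment the text goes on to describe (routers as broadcast-domain boundaries) is also what limits how far such a spoofed reply can reach.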
Collision domain

As we saw in Chapter 5, Ethernet relies on collision detection to operate and, the busier 
the network, the more collisions. The more collisions, the more capacity is wasted. Thus 
it is necessary to control the number of collisions to make better use of the available 
capacity. Given the unrestricted access stations have when transmitting on Ethernet, 
the only way to control collisions is to limit the number of stations on a network 
without reducing connectivity. The solution to this problem is to divide the network up 
to establish collision domains that will contain the collisions. Again, networking kit is 
available that contains collisions - bridges, switches and routers (see later). 



Imagine there was only one road to serve an entire country. Every car journey made 
involved using that road. Also imagine there were few regulations governing access 
to that road - a quick look and on you go! Obviously, there would be a great number 
of accidents (collisions). One solution would be to provide local roads for local 
traffic, thus reducing the number of collisions on that main road. Hence collision 
domains would have been created to prevent unnecessary traffic from entering the 
main road. Junctions would join the roads providing access but fewer collisions. 


The terms 'broadcast' and 'collision domains' will become clearer as we explore each 
piece of hardware in turn. 

Quick test 

Briefly discuss what is meant by the terms 'broadcast domain' and 'collision domain'. 

Section 3: Interconnection based on a 
repeater 

Introduction 

Repeaters are an essential part of Ethernet technology as they provide a means by which 
the length of a cable run can be extended. As we saw in Chapter 5, there are limits to 
the length of cabling used on Ethernet and these restrictions can often pose problems. 
Repeaters help to overcome these. There are three types of repeaters - coaxial repeaters, 
UTP repeaters and repeaters that convert between UTP and coaxial cable. 

As an Ethernet signal nears the end of its cable run or gets close to the maximum 
number of nodes per segment the technology can handle, it becomes weak - timing 
signals move out and the signal can become distorted. A repeater restores the signal to 
its original state and passes it on. To do this, the repeater must regenerate rather than 
amplify the signal (amplification would amplify the distortion and wouldn't address the 
timing issues). Thus a signal is received on one port of the repeater, is regenerated and 
then re-timed before being transmitted on the other ports. Repeaters are bidirectional 
devices that regenerate at the bit level. As such they are layer one networking devices. 
As they need to listen to a bit before regenerating it, they introduce a delay into the 
network of at least 1 bit. Repeaters have no effect on collision or broadcast domains. 

Co-axial repeaters 

As their name suggests, coaxial repeaters are used in 10Base2 and 10Base5 networks but there are strict limits to their use. For example, in a 10Base2 network, all that is allowed between the sender and the receiver are:

• a maximum of five segments (of which two must be free from nodes);

• a maximum of four repeaters;

• a maximum of three active segments;

• two transit segments (free of nodes).

(Alternatively, it is possible to have two active segments and three transit segments.)

This limitation is often known as the 5-4-3-2 rule.




A segment ends when 30 nodes or 185 m are reached. At that point the signal is too weak to continue and needs to be repeated. Figure 6.2 shows a typical pair of segments connected using a repeater. Figure 6.3 shows the limit between a sender and a receiver in a 10Base2 network - five segments (two empty) and four repeaters. This rule obviously limits the extent to which the network might grow, but the limit can be overcome by good design. By using a node-free segment as a backbone and by using multi-port repeaters, it is possible to design a network with more segments which still conforms to the 5-4-3-2 rule. In Figure 6.4 there are numerous segments but, between any two nodes, there are never more than five. For example, between points A and B there are only three segments (including segments A and B).



Figure 6.2: Two Ethernet segments connected by repeaters 



Figure 6.3: A typical 10Base2 network using repeaters 
Figure 6.4: A well designed 10Base2 network with many segments which still conforms to the 5-4-3-2 rule
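The 5-4-3-2 rule and the per-segment limits above, turned into a design check: the network is described as segments (cable length and node count) and repeaters (the segments each joins; a multi-port repeater lists several), and every pair of populated segments is tested against the limits. This is an added Python example, not from the textbook; it assumes the topology is a tree, as thin Ethernet designs were, and the two sample networks are constructed.

```python
"""Check a 10Base2 design against the 5-4-3-2 rule and the per-segment limits.

Added example, not from the textbook. The segments, repeaters and the two
sample networks below are constructed.
"""
from collections import deque

MAX_SEGMENTS, MAX_REPEATERS, MAX_POPULATED = 5, 4, 3   # the 5-4-3(-2) rule
MAX_SEGMENT_M, MAX_NODES_PER_SEGMENT = 185, 30         # 10Base2 segment limits


def _path(repeaters, start, goal):
    """Breadth-first search over the segment/repeater graph.

    Returns (segments, repeaters) lying on the path between two segments,
    or None if they are not connected.
    """
    graph = {}
    for rep, segs in repeaters.items():
        for seg in segs:
            graph.setdefault(("seg", seg), []).append(("rep", rep))
            graph.setdefault(("rep", rep), []).append(("seg", seg))
    first, last = ("seg", start), ("seg", goal)
    prev = {first: None}
    queue = deque([first])
    while queue:
        node = queue.popleft()
        if node == last:
            break
        for nxt in graph.get(node, []):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    if last not in prev:
        return None
    nodes, node = [], last
    while node is not None:
        nodes.append(node)
        node = prev[node]
    return ([n for kind, n in nodes if kind == "seg"],
            [n for kind, n in nodes if kind == "rep"])


def check_design(segments, repeaters):
    """Return a list of rule violations (empty if the design conforms).

    segments:  {name: {"length_m": int, "nodes": int}}
    repeaters: {name: [segment, segment, ...]}   (3+ entries = multi-port repeater)
    """
    violations = []
    for name, seg in segments.items():
        if seg["length_m"] > MAX_SEGMENT_M:
            violations.append(f"{name}: {seg['length_m']} m exceeds {MAX_SEGMENT_M} m")
        if seg["nodes"] > MAX_NODES_PER_SEGMENT:
            violations.append(f"{name}: {seg['nodes']} nodes exceeds {MAX_NODES_PER_SEGMENT}")
    populated = [n for n, s in segments.items() if s["nodes"] > 0]
    for i, a in enumerate(populated):
        for b in populated[i + 1:]:
            found = _path(repeaters, a, b)
            if found is None:
                violations.append(f"{a}-{b}: not connected")
                continue
            segs, reps = found
            active = [s for s in segs if segments[s]["nodes"] > 0]
            if len(segs) > MAX_SEGMENTS:
                violations.append(f"{a}-{b}: {len(segs)} segments on path (max {MAX_SEGMENTS})")
            if len(reps) > MAX_REPEATERS:
                violations.append(f"{a}-{b}: {len(reps)} repeaters on path (max {MAX_REPEATERS})")
            if len(active) > MAX_POPULATED:
                violations.append(f"{a}-{b}: {len(active)} populated segments on path (max {MAX_POPULATED})")
    return violations


# Constructed sample 1: four populated segments hung off a node-free backbone,
# one repeater each. Any two nodes are at most 3 segments / 2 repeaters apart.
GOOD_SEGMENTS = {"backbone": {"length_m": 150, "nodes": 0},
                 **{f"S{i}": {"length_m": 180, "nodes": 20} for i in range(1, 5)}}
GOOD_REPEATERS = {f"R{i}": ["backbone", f"S{i}"] for i in range(1, 5)}

# Constructed sample 2: five populated segments daisy-chained through four
# repeaters. S1 to S5 is 5 segments and 4 repeaters (allowed) but all five
# carry nodes, which breaks the 'three active segments' limit.
BAD_SEGMENTS = {f"S{i}": {"length_m": 185, "nodes": 30} for i in range(1, 6)}
BAD_REPEATERS = {f"R{i}": [f"S{i}", f"S{i + 1}"] for i in range(1, 5)}

if __name__ == "__main__":
    print("good:", check_design(GOOD_SEGMENTS, GOOD_REPEATERS))
    print("bad: ", check_design(BAD_SEGMENTS, BAD_REPEATERS))
```

The backbone design passes with no violations; the daisy chain fails only on the populated-segment count, which is exactly the limit the node-free backbone of Figure 6.4 is there to satisfy.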


UTP repeaters 

UTP has even more restrictions than coaxial cabling: 
• It can only have two nodes per segment. 


• A segment can only be 100 m long. 

These restrictions are a result of the 10BaseT Ethernet being a star topology and because 
interconnection is carried out in the hub. However, there are occasions when a machine 
might need to be placed more than 100 m away from the hub. On such occasions a 
repeater can be used to extend the distance (to a maximum of 100 m either side of the 
repeater). Figure 6.5 shows a typical repeater implementation. 


Figure 6.5: A typical UTP network with a repeater (50 m UTP on either side of the repeater)


UTP/coaxial converting repeater 

As we saw in Chapter 5, all Ethernet variants have the same frame format. Occasionally 
however, there might be a need to connect machines (or even small LANs) that use 
coaxial cable to a network based on UTP and, rarely, vice versa. To achieve this, a coaxial- 
to-UTP repeater is used, as shown in Figure 6.6. Coaxial-to-UTP repeaters function in 
exactly the same way as other types of repeater. Their physical limitations depend on 
the media to which they are attached. As most installations now use UTP, these devices 

have become less common. 



Figure 6.6: UTP-to-coaxial repeater 
Conversions cannot be made between Token Ring and Ethernet using such devices. Token Ring has a completely different frame structure and method of accessing the network. However, Token Ring cards do function as repeaters in a Token Ring network, thus repeaters aren't necessary.


Quick test 

Briefly discuss the role of a repeater in a network. 

Section 4: Interconnection based on a hub 

Introduction 

Hubs are part of Ethernet technology, where they connect devices together. Basically there are three types of hub: those used to connect coaxial cables, those that connect to UTP cabling and those used to cross media (e.g. UTP to coaxial). Although the media differ, essentially the hubs perform the same function. Hubs are layer-one devices of the OSI seven-layer model. They have little or no intelligence (as standard) and basically they simply pass the data out across a number of ports. Hubs have no effect on collision or broadcast domains. UTP hubs are the more commonly used. Note that because a hub repeats every frame out of every port, any machine attached to a hub can read all the traffic of every other machine on it.

Coaxial hubs 

Coaxial hubs have become almost redundant. They were used to connect multiple bus networks together to form a tree network (see Chapter 3). Technically, these hubs were multi-port repeaters. They took a coaxial cable and split it into many branches to form a tree network (with the original as the root) (Figure 6.7). As with a standard repeater, the signal out of each port was regenerated.
Figure 6.7: Ethernet network with a multi-port repeater

UTP hubs

Figure 6.8: UTP hub


Essentially a hub: 

• is used as a network concentration point; 

• regenerates and re-times signals; 

• cannot filter network traffic; 


• cannot determine the best path for data; 

• propagates signals across the network. 
Figure 6.9: 10BaseT hub

Quick test

Briefly discuss the role of a hub in networking. Your answer should cover 10BaseT in particular.

Section 5: Interconnection based on a bridge

Introduction

Bridges are an essential piece of networking kit. As we saw in Chapter 5, different network technologies are incompatible with one another, and the maximum number of segments in Ethernet technology is five. Bridges provide the means to overcome both limitations (see later in this chapter). Bridges also provide collision containment. Being layer-two devices, they work with the MAC addresses in the frame rather than with the raw signal, so a frame is only passed across the bridge when its destination lies on the other side. Bridges fall into two categories: technology conversion bridges and those that work within a specific technology.

Technology conversion bridges

Often, data on a network needs to pass between machines that use different technologies. For example, the production department might use Token Ring technology but the sales department Ethernet technology, while data must flow across the whole company irrespective of the technology in use. As bridges are intelligent devices and can see a frame in its entirety, they are able to extract the data from one frame (say a Token Ring frame) and place it into a frame of the other technology (an Ethernet frame) before forwarding it.

Figure 6.10: Bridging between Token Ring and Ethernet
Section 6: Interconnection based on a switch

Introduction

Switches are used at the centre of 100BaseT networks (as hubs were used at the centre of 10BaseT networks). Whereas a hub is a layer-one device that makes no decisions at all and simply repeats every frame out of every port, a switch forwards a frame according to its destination MAC address. If machine A wished to transmit to machine B in a hub-based network, every machine would receive the frame. In the implementation of a switch, the switch learns which port each MAC address lives on from the source addresses of the frames it receives; a frame for an address it has not yet learnt is broadcast out of each port, but once the port of machine B is known, frames addressed to machine B are forwarded on that port only. The switch can thus be used at the centre of a 100BaseT network as a straightforward replacement for a standard hub. As a layer-two device it contains collisions: each port is its own collision domain.

Figure 6.12: Implementation of a switch in a 100BaseT network

The effect of deploying a switch is a dramatic increase in throughput. Because the number of collisions is dramatically reduced (unless the traffic is a broadcast, which is still sent out of every port), the bandwidth is available for many groups of machines to communicate through the switch at full transmission speed. Thus, as Figure 6.13 shows, pairs of ports (for example A and B, C and D, E and F) can be switched together simultaneously.

Figure 6.13: Ports being switched together

Many switches auto-sense whether the attached device runs at 10 or 100 Mbps (10/100 switches). Those that are 100BaseT only can only be connected to 100BaseT devices.

Managed/unmanaged switches

There are basically two categories of switches available on the market: unmanaged switches, which simply learn and forward and need no configuration, and managed switches, which can be configured and monitored by the administrator. Figure 6.14 shows two unmanaged switches connected together.

Figure 6.14: Two unmanaged switches connected together
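The learning-and-forwarding behaviour described above as an added Python example (not code from the textbook or from any switch vendor): a switch learns source addresses, floods frames for unknown destinations and forwards known ones to a single port. The second function shows the failure mode a practitioner should know about: the address table is finite, and an attacker who fills it with bogus source addresses (MAC flooding) forces the switch to flood unknown destinations like a hub, so traffic it would otherwise never see reaches the attacker's port. Port numbers, MAC addresses and the tiny table capacity are constructed; real tables hold thousands of entries but fill the same way.

```python
"""Learning switch: source-address learning, flooding of unknown destinations,
and what happens when the address table is full.

Added example, not from the textbook. Port numbers, MAC addresses and the
table capacity are constructed.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports, capacity=None):
        self.ports = list(ports)
        self.capacity = capacity      # None = unlimited; real tables are finite
        self.table = {}               # MAC address -> port it was last seen on

    def _learn(self, mac, port):
        """Record which port a source MAC lives on; silently skipped if the table is full."""
        if mac in self.table or self.capacity is None or len(self.table) < self.capacity:
            self.table[mac] = port

    def forward(self, in_port, src_mac, dst_mac):
        """Return the list of ports the frame is sent out of (a hub would return all others)."""
        if src_mac != BROADCAST:
            self._learn(src_mac, in_port)
        out_port = self.table.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            return [p for p in self.ports if p != in_port]    # flood
        if out_port == in_port:
            return []                                          # same segment: nothing to do
        return [out_port]


def normal_operation():
    """A on port 1 talks to B on port 2: the first frame floods, then it is unicast."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    first = sw.forward(1, a, b)    # B unknown -> flooded to ports 2, 3, 4
    reply = sw.forward(2, b, a)    # A already learnt -> port 1 only
    second = sw.forward(1, a, b)   # B now learnt -> port 2 only
    return first, reply, second


def mac_flooding(capacity=16):
    """Attacker on port 3 exhausts the table before C is learnt.

    Returns the ports that receive A's frame to C: with the table full, C's
    address could not be learnt, so the frame is flooded and port 3 sees it.
    Real switches age entries out, which is why the attacker keeps flooding.
    """
    sw = LearningSwitch(ports=[1, 2, 3, 4], capacity=capacity)
    a, c = "02:00:00:00:00:0a", "02:00:00:00:00:0c"
    sw.forward(1, a, BROADCAST)                 # A is learnt on port 1
    for i in range(capacity * 2):               # bogus source addresses from port 3
        sw.forward(3, f"02:aa:aa:aa:{i >> 8:02x}:{i & 0xff:02x}", BROADCAST)
    sw.forward(4, c, a)                         # C cannot be learnt: table full
    return sw.forward(1, a, c)                  # C unknown -> flooded, attacker sees it


if __name__ == "__main__":
    print("normal:", normal_operation())
    print("after MAC flooding:", mac_flooding())
```

Managed switches counter this with port security (a cap on the number of source addresses accepted per port); an unmanaged switch has no such setting, which is one practical difference between the two categories above.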


Quick test 

Briefly outline the function of a switch and compare it with a hub. 

Section 7: Interconnection based on a MAU 

Introduction 

MAUs form the centre of a Token Ring network and, essentially, have the same function as a switch. Token Ring technology is rarely installed nowadays, and it is often cheaper to replace an entire installation with 100BaseT than it is to replace a MAU. However, there may be a specific reason why Token Ring is required (e.g. it is built into certain industrial equipment and therefore must be supported), in which case the MAU must be replaced.

MAU

As a MAU is at the centre of a Token Ring network it provides the means by which the machines can communicate. Inside the MAU the ports are connected in a ring fashion, and the Token Ring frame circulates through the ports. If a machine is active on a port, the frame is passed down to that machine. If there isn't an active machine, the frame bypasses that port. In the event that there are more machines than ports on the MAU, multiple MAUs can be connected using the RING IN and RING OUT ports on each. The only real function of a MAU is to make a complete ring from all the active ports. Figure 6.15 shows a MAU implementation. Whilst the wiring appears as a star, the operation is in fact a ring.
Quick test

Briefly identify the function of Token Ring MAU. 

Section 8: Interconnection based on a router

Introduction

Routers are the most important networking device for medium- to large-sized networks. Along with switches they are the main networking kit in use today.

Routers

Routers are layer-three devices: they make their forwarding decisions based upon the destination network (IP) address of each packet rather than upon the MAC address in the frame, and they choose the best path to that destination from a routing table. Because of this capability, routers have become the backbone of the Internet. Bridges and switches, by contrast, make their forwarding decisions based upon MAC addresses. What neither of these devices does, however, is contain broadcasts, and broadcast traffic consumes large amounts of bandwidth. Because there is no structure to MAC addresses (a MAC address says nothing about where a machine is), a bridge or switch has no way of deciding where a broadcast should or should not go. An IP address, on the other hand, has a network part and a host part, so a router kn which network a packet belongs to; it forwards packets between networks and does not forward broadcasts, and thus forms the boundary of the broadcast domain.

Quick test

Briefly describe the operation of a router and give examples of where they are commonly deployed.
















CHAPTER 6: POPULAR NETWORKING DEVICES

Section 9: Understanding interconnection 
based around a Router Switch Module (RSM)/ 
Multiprotocol Layer Switch (MPLS or MLS)/ 
Layer 4 switching 

Introduction 

Whilst routers are perhaps the most important networking device, they have one major drawback - their speed. In order to route packets, routers utilise software to determine the next hop and to forward the packet. Software is many times slower than hardware, which can lead to a bottleneck in throughput. Initially this bottleneck wasn't a problem as the majority of network traffic was kept local. In fact there was an 80/20 design rule which said that 80% of the networked traffic should be kept local. Today, this rule no longer applies, principally because of two factors:

• The Internet - the PC can now be a tool for accessing and publishing information anywhere in the world, with users transparently hopping around the globe.

• Server farms - many organisations are now hosting their applications and data in one central location with their best staff looking after it. Users from within this location and from branch offices seamlessly access the data as though it were local.

The 80/20 rule has now been turned on its head - only 20% of the networked traffic is local. This has put increasing pressure on the routers, fuelling the development of Multiprotocol Layer Switching (MPLS or MLS). Note that the 'MPLS' of this section is Cisco's multilayer switching (MLS) of frames by their layer 3 and layer 4 headers; it should not be confused with Multiprotocol Label Switching, also abbreviated MPLS, which is a separate label-based forwarding technology used in carrier networks.

MPLS 

The aim of MPLS is simple - bring hardware speeds to the routing function; but how can this be done? The answer requires thought about the routing of packets - packets usually travel in flows. Figure 6.17 shows the flow normally taken by a data packet through two routers.

Figure 6.17: The flow normally taken by a data packet through a router

As can be seen from Figure 6.17, each packet flows through the bottom three layers of the OSI 7-layer model in the router. If the device was capable of uniquely identifying each flow, a cache could be formed, meaning that the first packet to pass through the router would identify the outbound interface. Subsequent packets could then access the cache and be immediately switched to the outbound interface. This is known as 'route once, switch many times' and it is how MPLS works. Of course, there is more to a destination address than simply an IP address: there is also a port number. MPLS takes the port number into account when building the cache. The dotted line in Figure 6.18 shows the path the second and subsequent packets would take through a multiprotocol layer switch.
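The router's forwarding decision from Section 8 (longest matching prefix, broadcasts never forwarded) and the 'route once, switch many times' flow cache described above, as one added Python example; this is not code from the textbook or from any Cisco product. The routing table, interface names and packets are constructed (RFC 1918 and RFC 5737 addresses), and the cache key is the 5-tuple of source, destination, protocol and the two port numbers, which is the port-aware key the text says the cache is built on. The cache is cleared whenever a route is added, the invalidation step a real implementation must get right.

```python
"""Routing by longest prefix match, broadcast containment, and a
'route once, switch many times' flow cache.

Added example, not from the textbook. Routing table, interfaces and packets
are constructed; the flow key is the (src, dst, proto, sport, dport) 5-tuple.
"""
import ipaddress

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


class Router:
    def __init__(self):
        self.routes = []         # (network, interface)
        self.flow_cache = {}     # 5-tuple -> interface
        self.route_lookups = 0   # how many times the slow path ran

    def add_route(self, prefix, interface):
        self.routes.append((ipaddress.ip_network(prefix), interface))
        self.flow_cache.clear()  # a routing change invalidates every cached decision

    def route_lookup(self, dst):
        """Slow path: scan the table; the longest matching prefix wins."""
        self.route_lookups += 1
        addr = ipaddress.ip_address(dst)
        best = None
        for network, interface in self.routes:
            if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
                best = (network, interface)
        return None if best is None else best[1]

    def forward(self, src, dst, proto, sport, dport):
        """Return the outgoing interface for a packet, or None if it is dropped."""
        if ipaddress.ip_address(dst) == LIMITED_BROADCAST:
            return None                          # a router never forwards a broadcast
        key = (src, dst, proto, sport, dport)
        if key in self.flow_cache:
            return self.flow_cache[key]          # fast path: switched, no table lookup
        interface = self.route_lookup(dst)       # first packet of the flow: routed
        if interface is not None:
            self.flow_cache[key] = interface
        return interface


def demo():
    """Run a small scenario and return the decisions and lookup counts."""
    r = Router()
    r.add_route("0.0.0.0/0", "eth0")             # default route to the Internet
    r.add_route("10.0.0.0/8", "eth1")
    r.add_route("10.1.0.0/16", "eth2")           # more specific than 10.0.0.0/8
    first = r.forward("192.168.5.9", "10.1.2.3", "tcp", 51000, 80)
    second = r.forward("192.168.5.9", "10.1.2.3", "tcp", 51000, 80)   # cache hit
    lookups_after_two = r.route_lookups
    other = r.forward("192.168.5.9", "10.200.0.1", "udp", 5353, 53)
    internet = r.forward("192.168.5.9", "203.0.113.7", "tcp", 51001, 443)
    dropped = r.forward("192.168.5.9", "255.255.255.255", "udp", 68, 67)
    r.add_route("10.1.2.0/24", "eth3")           # route change: cache cleared
    after_change = r.forward("192.168.5.9", "10.1.2.3", "tcp", 51000, 80)
    return {"first": first, "second": second, "lookups_after_two": lookups_after_two,
            "other": other, "internet": internet, "dropped": dropped,
            "after_change": after_change, "total_lookups": r.route_lookups}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two packets of the same flow cost one table lookup; the broadcast costs none and is dropped; adding a more specific route empties the cache so the next packet is routed afresh rather than switched along a stale path.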
Figure 6.19: Cisco Catalyst 4006 MPLS

CEF

Cisco Express Forwarding (CEF) produces the same result as MPLS, but the way in which it is achieved is different. Devices incorporating CEF determine all possible routes through the network in advance, from the routing table, and build a forwarding table in Application Specific Integrated Circuits (ASICs) for switching. When the first packet of a flow arrives, the device can immediately switch it using this table, without the need for a router lookup; there is no 'route once' step. This further increases the performance. The forwarding table is rebuilt from the routing table should the network change.

RSM

Cisco introduced Router Switch Module (RSM) devices from early 2004. The entry price of a 3550 RSM was dramatically lower than its MPLS counterpart, bringing layer-3 switching within the reach of many organisations. Figure 6.20 shows the Cisco 3550 family.

Figure 6.20: Cisco 3550 family of RSM
(picture courtesy of Cisco Systems Inc.)

Deployment of MPLS/RSM devices

MPLS/RSM devices are deployed in the organisational backbone, where they are functionally the same as a router but integrated with the layer 2 switches that connect the client PCs and servers. Figure 6.21 shows a typical deployment. It is worth noting the redundant connections: each layer 2 switch is connected to two layer 3 devices for redundancy and load balancing. The number of ports on these devices makes this practical.

Figure 6.21: Typical deployment of MPLS/RSM devices - layer 2 switching at the edge, layer 3 switching in the backbone and server distribution, servers attached by Fast Ethernet/Gigabit Ethernet (image courtesy of Cisco Systems Inc.)


Quick test

Briefly describe the operation of an MPLS device deployed in place of a conventional router.
Section 10: Interconnection based around a gateway

Introduction

Gateways are used to connect dissimilar networks together - for example, networks such as IBM's Systems Network Architecture (SNA) and DECnet. A gateway can be used to translate between protocols that standard networking devices cannot handle, and it may have to work all the way up to the application layer to do so. Hence gateways were often slow and more expensive than standard networking devices.

Gateways are, however, re-emerging in small office/home office (SOHO) networks, where a PC with two network connections - one to the Internet (e.g. a cable connection) and the other to the SOHO network - connects the SOHO network to the Internet. Microsoft Windows (98SE onwards) provides the Internet Connection Sharing option for this purpose. It performs a Network Address Translation (NAT) function, allowing all the machines on the SOHO network to reach the Internet through the sharing of the one public IP address supplied by the Internet Service Provider (ISP). Figure 6.22 shows this arrangement.

Figure 6.22: SOHO gateway - a PC acting as a gateway machine with two network connections, one to the Internet and the other to the SOHO LAN; the PC forms the gateway between the two networks





Figure 6.23: A typical SOHO router (image courtesy of Linksys Inc.) 

Quick test 

Briefly discuss the purpose of a gateway. 
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Chapter 7 


Network design process 


Chapter summary 

… involved. This should be sufficient for assessment purposes. 

Learning outcomes 

After studying this chapter you should aim to test your achievement of the following outcomes. You should be able to: 

Outcome 1: Understand the main requirements of network design. Question 1 at the end of this chapter will test you on this. 

Outcome 2: Understand how the positioning of network devices and servers can affect network performance. Question 2 at the end of this chapter will test you on this. 

Outcome 3: Understand a methodology for the analysis of a network. Question 3 at the end of this chapter will test you on this. 

Outcome 4: Understand and be able to apply a methodology for capacity planning within a network. Question 4 at the end of this chapter will test you on this. 

Outcome 5: … scenario. Question 5 at the end of this chapter will test you on this. 

Outcome 6: … Question 6 at the end of this chapter will test you on this. 

How will you be assessed on this? 

… planning. However, if capacity planning is on the syllabus, it … 
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Section 1: Network design goals 

In any design process, it is essential to understand the goals of the design. 

Network design goals 

There are many things that must be established and agreed … contractors. However, the following five criteria are a good starting point: 

Functionality 

The network must work, i.e. it must do what it is designed to do, and it must do this reliably and at an appropriate speed. Issues here include … Users of the network must be able to carry out their tasks efficiently and effectively. 

Scalability 

Organisations change, which means that they must … The network must be able to adapt to these changes. The network must be able to grow incrementally, i.e. grow without the need for any major changes to the overall design. 

Adaptability 

The network must be able to adapt to changes in technology, allowing the implementation of new technologies as and when they become available. 

Manageability 

A well designed network should facilitate ease of monitoring and management. 

Availability 

Ideally, a network should be 99.9% available, with downtime (especially unplanned) minimised. One way to achieve this level of reliability is to build in some redundancy, e.g. redundant backbone links which will automatically activate should the main link fail. 

Quick test 

Briefly discuss the five basic requirements of good network design. 

Section 2: Network design components 

Network design is not only about the selection of network devices but about the positioning of servers and access to the data they hold. As we saw in Chapter 6, the different network devices provide a range of interconnection options and differ in their approach to collision and broadcast containment. Hence a good design will ensure the network does not suffer from excess collisions, can contain broadcasts and that all nodes will be able to communicate at the planned level of performance. 
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Network design components 

Aswe have already noted, network performance and networktechnologiesareconstantly 

changing, and so designers need to ensure the LANs they design can accommodate 
these changes and that performance is maximised by the careful positioning of critical 
components. When designing for high-speed technologies and multimedia-based 
applications, network designers need to address the following critical components of 

LAN design: 

• the function and positioning of servers/broadcast control; and 

• collision containment/segmentation. 

Function and positioning of servers/broadcast control 

Servers fall into two distinct classes: 

• organisational servers (such as email servers or DNS); and 
• workgroup servers (data and applications). 

A good designer takes great care over the positioning of servers and of who will access 
them. Figure 7.1 shows a well designed network where the workgroup servers (A and B) 
have been placed close to where they will be used and where the email server has been 
placed at organisational level. By structuring the network in this way, the machines 
connected to switch A can use server A without having to use the network backbone 
(through the organisational-level switch), thus keeping traffic on the backbone to a 
minimum. If they need access to email, these machines will not cause excess traffic 
on the machines connected to switch B whilst accessing the organisational server (for 
email). Access to server B from the machines connected to switch A is possible but 
should not be used often. This type of design is known as a two-layer network design 
and is suitable for small enterprises. 



Figure 7.1: The positioning of servers 

Notice there is no router in Figure 7.1. This could create broadcast-related problems. 
Because there are no routers, a broadcast by any machine will traverse the whole 
network, hence wasting bandwidth. The solution would be to replace the organisational- 
level switch with a router, which would divide the network into two broadcast domains 

(Figure 7.2). 






Figure 7.2: Router now divides the two networks into two separate broadcast domains (diagram labels: Email server; Workgroup A; Workgroup B; Workgroup server A; Workgroup server B) 


Collision containment/segmentation 
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Quick test 

Explain why the positioning of servers is of critical importance in network design. Also discuss why designers should consider collision containment and segmentation when designing networks. 
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Section 3: Network design methodology 

Network design is similar, in many ways, to systems analysis and design. The designer needs to: 

• gather facts and figures about the organisation and its users, their requirements and expectations; 

• analyse the requirements of the network; 

• design the structure; 

• document the network. 

Gathering facts and figures 

This process involves finding out as much about the organisation as possible: its current status, plans for the building, plans for the future, user requirements (e.g. …), the views of the people who will be using the network, etc. 

While there are a great many … the importance of … such as large data files, number of users or plans to move to a new building, etc. 

It should also be established whether … computers are allowed on the network. It will likewise be necessary to determine what addresses or names are to be … and it has to be established who in the organisation controls such lists. 


Analysing requirements 

The information collected must then be analysed to determine the requirements of the network. The existing infrastructure should also be analysed to determine whether the network will be able to … In addition to these requirements, the network's availability should be determined. Availability covers: 

• Throughput - how much throughput the organisation expects from the network. 

• Response time - the time the users expect to wait before the network provides them with the information they require. 

• … - … provide an effective network. 

• Reliability - a realistic expectation of the network's reliability (100% reliability can be expensive to achieve!). 

Organisations that demand high availability will need to carry the costs of such 
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availability - redundant links, spare equipment, etc. However, the network's required 
capacity must be planned for (see Section 5 below). 

Designing the structure of the network 

The network structure relates to: 

• the network's topology; 

• the network's cabling; 

• the connection of devices. 

The first two points are, surprisingly, quite straightforward. Current EIA/TIA 
recommendations state that networks implemented using a star topology should have 
a minimum of two networking points to every desktop (not all need to be live). EIA/TIA 
also require that a Wiring Closet (WC) should be placed on each floor to serve no more 
than 1000 m². Where floor size exceeds this, two or more wiring closets should be used. 
EIA/TIA also specify that a wiring closet should have the following: 

• Sufficient heating/cooling to maintain a temperature of 21°C when the equipment 
is in full operation. 

• A minimum of two non-switched dedicated AC outlets (positioned every 1.8 m 
along the wall at a height of 150 mm above the floor). 

• The floor can take the weight of networking equipment. 

• Light fixtures should provide 200 lux of brightness and be at least 2.6 m above 
the ground. The switch should be immediately inside the door. If the light used is 
fluorescent, it should be clear of the cable runs (because of interference). 

• A door 0.9 m wide that opens outwards with a lock to allow anyone inside the 
room to exit at any time (this may need to be adjusted in the light of local fire 
regulations). 



To determine the best location for the wiring closet, a map of the building should be 
annotated showing the proposed layout of the computers. Using the above checklist, 
the potential locations of the wiring closets are marked on the plan. Using a compass, 
a 50 m circle with the potential closet at its centre is drawn to see if all the computers 
will fit inside this circle. If not, another location must be chosen or, alternatively, more 
than one closet may be needed. Even though the maximum cable length in 100BaseT is 
100 m, a 50 m radius allows for awkward runs, corner turns, etc. A patch panel lead and 
a lead to the desktop will all increase the overall length. 
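The 50 m circle test described above, as an added example (not from the textbook): given the annotated positions of the computers and the candidate closet locations, it reports which closets are needed and which computers fall outside every circle. The floor-plan coordinates are constructed.

```python
"""Wiring-closet coverage check using the chapter's 50 m planning radius.

Added example, not from the textbook. Coordinates are constructed positions in
metres on a floor plan; the 50 m radius is the chapter's rule of thumb that keeps
every cable run (patch lead, corner turns, desktop lead) inside the 100 m limit.
"""
import math

RADIUS_M = 50.0  # planning radius drawn around each candidate closet


def distance_m(p, q):
    """Straight-line distance between two (x, y) positions in metres."""
    return math.hypot(p[0] - q[0], p[1] - q[1])


def covered_by(closet, computers):
    """Names of the computers inside the 50 m circle around `closet`."""
    return {name for name, pos in computers.items()
            if distance_m(pos, closet) <= RADIUS_M}


def choose_closets(computers, candidates):
    """Greedy set cover: repeatedly pick the candidate closet whose circle holds
    the most still-uncovered computers. Returns (closets chosen, computers that
    no candidate reaches and so need another location or an extra closet)."""
    remaining = set(computers)
    chosen = []
    while remaining:
        best, best_cover = None, set()
        for name, pos in candidates.items():
            if name in chosen:
                continue
            cover = covered_by(pos, computers) & remaining
            if len(cover) > len(best_cover):
                best, best_cover = name, cover
        if best is None:  # nothing left is inside any candidate's circle
            break
        chosen.append(best)
        remaining -= best_cover
    return chosen, sorted(remaining)


# Constructed sample floor plan: six desks and two proposed closet positions.
COMPUTERS = {
    "pc01": (5, 5), "pc02": (40, 10), "pc03": (60, 45),
    "pc04": (110, 20), "pc05": (130, 40), "pc06": (200, 90),
}
CANDIDATES = {"closet_west": (25, 20), "closet_east": (115, 35)}

if __name__ == "__main__":
    chosen, unreachable = choose_closets(COMPUTERS, CANDIDATES)
    print("closets needed:", chosen)
    print("outside every candidate's 50 m circle:", unreachable)
```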

For the main wiring closet (the one that will provide any external connections), it is 
recommended that the location where the telecomms provider's cable enters the 
building is used (this entry point is known as the Point of Presence (POP)). This wiring closet 
is known as the Main Distribution Facility (MDF); the others are known as Intermediate 
Distribution Facilities (IDFs). EIA/TIA also recommend that the cabling is category 5 to 
the desktop and either fibre or copper between the wiring closets. 


'Standard' design structures 

As the popularity of networks increases, a standard design structure is emerging based 
on two or three-layer models. As discussed earlier, a two-layer model is suitable for 
small organisations. Such networks are effectively divided into two layers (see Figure 
7.3). The bottom layer (the access layer) provides access to the network's services. In the 
access layer are the computers that are to use the network and their servers. These are 
arranged in groups so that the machines that need the services from workgroup server 
A are on the same switch as the server. The bulk of the traffic in these groups should 
never need to leave the workgroup environment. Only email and cross-workgroup 
traffic needs to pass into the distribution layer. This keeps the distribution layer free 
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from unnecessary traffic, thus helping performance. The distribution layer provides 
services to the organisation - in this case, cross-workgroup connectivity and access to 
email. The distribution layer may well form the backbone of a university/college campus 
or the backbone of an entire building. 


Figure 7.3: Standard two-layer network design (diagram labels: Distribution layer; Workgroup B; Workgroup server A; Workgroup server B) 

Often an organisation has multiple sites spread over a wide geographical area. In such 
cases a further layer is added above the distribution layer, known as the core layer. 
For example, the University of Sunderland has two main campuses - the St Peter's 
Campus and the City Campus, about two miles apart. Using a three-layer model there 
would be distribution layers at both campuses (effectively acting as the campus backbone) 
and a core layer connecting the two campuses (see Figure 7.4). 


Figure 7.4: A correctly designed three-layer network (diagram labels: Core layer; Distribution; Workgroup server A; Workgroup server B) 

Should server farms be established, the routers in the three-layer model would be best 
substituted with MPLS/RSM equipment (see Chapter 6) and some redundant links 
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Documenting the network 

The network should be well documented. This documentation will be the starting point should there be a need for troubleshooting. Hence the documentation should provide: 

• detailed maps of the wiring closets; 

• details of the machines attached to these wiring closets; 

• the type and quantity of cable used … to the IDF; 

• notes about any spare cables and their location; 

• details about cabling between IDFs/MDFs. 

… the documentation … should be as full as possible. Also, bearing in mind that 80% of network problems occur at layer one (cables, connectors, etc), the leads need to be … 

An organisation's network is likely to be mission critical and so any faults need to be corrected immediately. Correcting faults and upgrading the network are far easier if there is sufficient, up-to-date documentation. 

Quick test 

Briefly outline the network design methodology. 

Section 4: Capacity planning 

Capacity planning is undertaken to establish whether the network will be able to cope … in the new network … Analysing the current network can help to identify performance problems … 

Assessors are testing your ability to spot the … and produce a plan. They write an assignment and deliberately hide figures in the text. A network designer is always on the lookout for hidden information! You should read the assignment thoroughly and highlight every number mentioned. 

The capacity planning process 

Capacity planning is used to estimate the load on the current network and the load that might be imposed on it by any proposed changes. The process involved in capacity planning is relatively straightforward. It is used to determine: 

• the current load on the network; 

• the proposed/additional load on the network; 

• if there is enough capacity in the network to cope; 

• if there are likely to be any peak-time problems (i.e. when the traffic is at its highest, will the network be able to cope?). 

To do this, as much numerical information as possible is collected: 

• How many computers are connected/to be connected? 

• What packages do they use? 

• Are the packages held centrally or locally? 

• How often are they downloaded? 

• What is their size? 

• What sort of data is downloaded? 

• How often? 

• What is its size? 

• How often do the users print out from the network? 

• What kind of printer do they use? (Postscript printers put a huge load on a network 
and should be avoided.) 

• What are the file sizes? 

• Does a file go directly to a printer or to a computer and then to a printer (in which 
case it is on the network twice)? 

• What about email/Internet traffic? 

• How often are they used? 

• What are they used for? 

This should provide enough information about the amount of traffic moved by the network. Remember that, unless sophisticated tools are used, 10% should be added for packet headers, which will be added to the data at each layer of the seven-layer model (see Chapter 4). Talk to suppliers about any software to be connected to the network; copies of the software may be needed to evaluate the load, and its operation should be checked in case it imposes a load on the network. 

Remember, file sizes are measured in bytes and network traffic is measured in bits. Multiply bytes by 8 to get bits; thus a 1 MB file is 8 Mb. 

As much information as possible about the organisation itself must also be collected: 

• How long does the organisation use its network each day (if it is open 9 - 5 then it's 8 hours)? 

• What does it use its network for? 

• Do the users work flexi-time or do they all have the same start and finish time? 

• Are there any problems with the current network? 

• If so, what weeks/days/times do these problems occur? 

• Is there any other pattern to them? 

• What time is lunch? 

• Does everyone leave together for lunch? 

• Is it a college/university, where … 

• Are backups of the network servers taken at night? Is this across the network? 

It should now be possible to establish enough information about the base period over which the traffic … 

Finally, the design parameters must be established: 

• What is the anticipated lifespan of the network? 

• What is the anticipated growth/decline in the organisation's activities during this period? 

• Does the building itself contain any physical constraints (e.g. solid floors or ceilings, lots of electric motors, etc. that will cause interference)? 

• Should the network be a LAN only or a WAN/LAN? 

• Is any existing network equipment to be retained? 

• What finance is available? 

• What integration is required with other systems/networks/hardware? 

There are two basic questions in capacity planning: 

• Can the network cope at present? 

• Will it be able to cope with the proposed changes? 

For each question, it must be determined whether the network can cope with: 

• the daily load (normally the answer to this is 'yes'); 

• peak-time load problems (usually more tricky to answer). 

… (Section 5 works through a capacity plan for a college and discusses the issues raised in this.) 

… Time should be spent … 

Quick test 

Briefly outline the stages involved in capacity planning. 
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Section 5: Sample design 

Introduction 

In this section we will use Information and Communications Technology (ICT) to analyse the current … problems and propose … The computers in the ICT suite … so slow that the suite has been closed temporarily. The … of all the college's computers. It … within … hour. 

Process 

The first thing is to gather the information: … loaded … etc. in that time frame. 

Next we need to consider the figures: 

• 50 computers; 

• 50 MB of software; 

• 20 MB of data; 

• 10 MB printed (through a Novell server; therefore 10 MB to the server followed by 10 MB to the printer - twice the load); 

• 10 Mbps is the theoretical maximum from 10BaseT (7 Mbps actual); 

• QoS of five minutes … ship … Mbps to the …; 

• software and data have to be loaded … MB which, times 8, = 20,000 … 

… their data and, possibly, print. Possible solutions: 

• Segment the existing network into smaller networks that will perform better. 

• Install a brand-new network based on a faster technology that will also have better future proofing. 

… about … minutes … 100BaseT … would = … seconds … Switches usually come in 24 or 48 port versions; 50 PCs and switching equipment would require at least two switches. If we installed the two-layer architecture we looked at in Section 2, we would need three switches for the workgroups and a further switch to join the three … each with 17 machines attached (even though … only 16 machines) … (shown in Figure 7.5) … only … seconds, half the … 

Figure 7.5: Proposed design for ICT (diagram labels: Server A; Server B; Server C) 


Peak time 

Assume that … needs to be distributed in … There is a potential peak-time problem: 17 machines x 20 MB = 340 MB + 10% = 374 MB x 8 = 2992 Mb / 100 Mbps = 30 seconds. … so we should also assume the worst-case scenario … the brief is ambiguous, so an allowance is made for printing as well: (17 x (20 MB + 2 x 10 MB)) = 680 MB + 10% = 748 MB x 8 = 5984 Mb / 100 Mbps = 59.84 seconds. The proposed network will handle the load … Had this been an organisation that did not change its activities over the day, this could have been taken as the working day (8 hours?), but peak times should be noted - arriving, leaving, … printing late in the day. 

Average load 

… 60 minutes … 






Remember, the time taken to get all the computers operational can be calculated 
approximately by the following formula: 

Time to start = Total data and/or software to be downloaded before work can begin (in megabits) / Maximum throughput of the technology 

Remember to use megabits and to add 10% to the load to allow for packet headers, 
etc. 

The average load on the network per day/session can be calculated approximately 
by the following formula: 

Average load = Total data/software/printing of entire day session / No. of seconds in day/session 
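The two formulas above, carried through in code as an added example (not from the textbook). It reproduces the chapter's own figures: the 17-machine peak-time workgroup from Section 5 and the 25-machine scenario in question 5 at the end of the chapter, using the chapter's 10% header allowance and its 7 Mbps (usable 10BaseT) and 100 Mbps (100BaseT) throughput values.

```python
"""Capacity-planning calculator for the chapter's time-to-start and average-load
formulas.

Added example, not from the textbook. The 10% header allowance, the byte-to-bit
conversion and the throughput values are the chapter's; the Workgroup class and
function names are this example's own.
"""
from dataclasses import dataclass

HEADER_OVERHEAD = 0.10   # add 10% for packet headers added at each layer
BITS_PER_MEGABYTE = 8    # file sizes are in bytes, network load is in bits


@dataclass(frozen=True)
class Workgroup:
    """Load profile for a group of machines sharing one network segment."""
    machines: int
    software_mb: float               # loaded (or saved) by every machine
    data_mb: float                   # loaded (or saved) by every machine
    print_mb: float = 0.0            # printed by every machine in the session
    print_via_server: bool = False   # spooled through a server: on the wire twice

    def transfer_megabits(self) -> float:
        """Megabits for moving every machine's software and data, plus headers."""
        per_machine = (self.software_mb + self.data_mb) * BITS_PER_MEGABYTE
        return self.machines * per_machine * (1 + HEADER_OVERHEAD)

    def print_megabits(self) -> float:
        """Megabits generated by printing (doubled when spooled via a server)."""
        passes = 2 if self.print_via_server else 1
        per_machine = self.print_mb * passes * BITS_PER_MEGABYTE
        return self.machines * per_machine * (1 + HEADER_OVERHEAD)


def time_to_start_seconds(group: Workgroup, throughput_mbps: float) -> float:
    """First formula: megabits needed before work can begin / max throughput."""
    return group.transfer_megabits() / throughput_mbps


def peak_time_seconds(group: Workgroup, throughput_mbps: float) -> float:
    """Worst case from Section 5: everyone saves data and prints at once."""
    return (group.transfer_megabits() + group.print_megabits()) / throughput_mbps


def average_load_mbps(group: Workgroup, session_seconds: float) -> float:
    """Second formula: total megabits moved in the session / seconds in session."""
    total = group.transfer_megabits() + group.print_megabits()
    return total / session_seconds


def meets_qos(group: Workgroup, throughput_mbps: float, qos_seconds: float) -> bool:
    """True when all machines are operational within the agreed QoS window."""
    return time_to_start_seconds(group, throughput_mbps) <= qos_seconds


if __name__ == "__main__":
    # Section 5 peak-time workgroup: 17 machines save 20 MB and print 10 MB via Novell.
    peak = Workgroup(machines=17, software_mb=0, data_mb=20,
                     print_mb=10, print_via_server=True)
    print(f"peak-time load on 100BaseT: {peak_time_seconds(peak, 100):.2f} s")

    # Question 5: 25 machines, 30 MB software + 10 MB data, one-hour slot.
    q5 = Workgroup(machines=25, software_mb=30, data_mb=10)
    print(f"time to start on 10BaseT (7 Mbps usable): "
          f"{time_to_start_seconds(q5, 7) / 60:.1f} min")
    print(f"time to start on 100BaseT: {time_to_start_seconds(q5, 100):.0f} s")
    print(f"average hourly load: {average_load_mbps(q5, 3600):.2f} Mbps")
    print("meets 2-minute QoS on 100BaseT:", meets_qos(q5, 100, 120))
```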


Quick test 

Carefully work through the figures without looking at the calculations given here. Do 
you get the same answer? If not, where did you go wrong? 


Section 6: Wireless LAN design 

All but the simplest, one access point wireless LANs need to be designed. Indeed, even 
a one access point wireless LAN will benefit from some thought on the placement of 

the access point. 

Wireless LAN design considerations 

Wireless LANs utilise radio waves astheirtransmission medium and so the rules governing 
propagation of radio waves apply to wireless LANs. It is important to undertake a site 
survey as part of the design process to gather as much information about the building 
as you can. There are six main factors to consider when undertaking the site survey: 

1. Data rate required - the data rate is directly related to the coverage of the wireless 
LAN: the better the coverage the higher the data rate. Rather than reduce reliability 
as the signal weakens between the access point and the client (either as a result of 
distance or signal degrading because of obstructions), access points shift to a lower 
data rate, therefore preserving the reliability. Figure 7.6 shows the range and typical 
data rates available in an unobstructed wireless LAN environment. 

2. Antenna type - some access points, particularly those designed for non-domestic 
use offer a range of antennae. Proper antenna selection and placement is a critical 
factor in coverage. As a rule of thumb, the range increases with antenna height and 

gain. 

3. Physical environments - an access point in an open environment will have a better 
coverage than a closed or relatively closed environment. 

4. Obstructions - any obstructions between the access point and the client can affect 
performance. 

5. Building materials - the type of building material used also influences range: 
drywalls allow radio waves to penetrate better than metal or brick walls. 

6. Line of sight - maintaining a clear line of sight between the client and the access 
point will significantly increase performance. If you are using the wireless link as a 
bridge, this is a must as you require maximum throughput. 


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Figure 7.6: Data rates available in an unobstructed wireless LAN implementation 

(image courtesy of Cisco Systems Inc.) 






Remember that throughput is theoretical and you won't actually achieve the full 
throughput. Realistically, for an 11 Mbps 802.11b network you will achieve 7 Mbps 
- roughly comparable to a 10BaseT or 10Base2 wired LAN. 


Don't assume that all wireless clients will be laptops and PDAs; wireless LAN NICs 
are available for desktop PCs and installation of a wireless network can realise 
significant savings over its wired counterpart - particularly if the environment 
frequently changes, for example desks being moved. 

The term, device, is used for wireless LANs as often there are multiple types of client 
such as a PC, a laptop, PDA and specialist products such as supermarket scanners, IP 
telephones, data projectors, and even printers. 


Topologies 

Just as wired networks have a topology, so do wireless LANs; however, the term used 
in wireless LANs is the Basic Service Area (BSA), which is comprised of one or more 
microcells - the area of coverage of an access point. 

A wireless LAN with one access point is relatively straightforward - place the access 
point and/or its antenna in the centre of the area you wish to cover. For example if you 
were placing an access point in a single floor coffee shop then place it in the ceiling in 
the centre of the customer seating area. 

A wireless LAN with more than one access point requires more consideration. The 
first question to answer is why you need more than one access point. There are three 
possible reasons (Figure 7.7): 

1. Provide a coverage area greater than can be provided by one access point 

2. To provide redundancy or load balancing in a single area 

3. To extend a network either wireless or wired by the use of wireless bridges 
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Figure 7.7: The 3 wireless LAN topologies (diagram labels: Multiple APs with roaming; Redundant WLAN; Wireless repeaters) 
(image courtesy of Cisco Systems Inc.) 


Designing a multiple access point WLAN 

In any multiple access point installation the goal is to have the coverage areas overlap so that a client can roam without losing its connection. Obviously, too much or too little overlap causes problems: too little overlap will result in … losing the connection to the client, while too much overlap will result in the access points interfering with each other, so the deployment needs to be considered carefully. Consider radio stations: there are never two stations on the same frequency in the same geographic area; however, … uninterrupted coverage as you travel. The 802.11b (USA) standard … (Figure 7.8). Thus, in the case of …, the maximum number of access points that can be … 

Remember there is no easy way to control the number of users using an access point … as a client approaches, if the access point … Redundant WLANs could well be necessary to … This is achieved in Windows … (device configuration). 

: . 






Figure 7.8: 802.11b (USA) channel mapping (channels 1 to 11 plotted against frequency from 2400 MHz upwards) 
(image courtesy of Cisco Systems Inc.) 
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The access points need to be placed so that adjacent microcells use channels that do not overlap. Figure 7.9 shows multiple microcells using non-interrupting channels. 

Figure 7.9: 802.11b (USA) placement of non-interrupting microcells 
(image courtesy of Cisco Systems Inc.) 


Figure 7.10: Selecting a channel for the access point on a UK Linksys WRT54GS (the Wireless Channel drop-down lists channels 1 - 2.412GHz through 11 - 2.462GHz, 12 - 2.467GHz and 13 - 2.472GHz, alongside the Wireless Network Mode, Wireless Network Name (SSID) and Wireless SSID Broadcast settings) 
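The channel-placement rule behind Figures 7.8 to 7.10, as an added example (not from the textbook or from Cisco/Linksys): it models the 5 MHz channel grid and 22 MHz channel width shown in the figures, flags adjacent microcells whose channels overlap, and assigns channels from the non-overlapping USA set 1, 6, 11. The cell names and adjacency lists are constructed.

```python
"""Channel planner for overlapping 802.11b microcells.

Added example, not from the textbook. Assumes the 2.4 GHz plan the figures show:
channel 1 centred on 2412 MHz, 5 MHz between channel numbers, each channel
22 MHz wide, so two channels interfere unless they are at least five numbers
apart (hence the USA set 1, 6, 11). Cell names and adjacencies are constructed.
"""
from typing import Dict, Iterable, List, Optional, Sequence, Tuple

CHANNEL_WIDTH_MHZ = 22
CHANNEL_SPACING_MHZ = 5
NON_OVERLAPPING_USA = (1, 6, 11)   # the three channels Figure 7.9 reuses


def centre_frequency_mhz(channel: int) -> int:
    """Centre frequency of an 802.11b channel (matches the WRT54GS drop-down)."""
    return 2412 + CHANNEL_SPACING_MHZ * (channel - 1)


def channels_overlap(a: int, b: int) -> bool:
    """True when the two 22 MHz wide channels share spectrum."""
    return abs(centre_frequency_mhz(a) - centre_frequency_mhz(b)) < CHANNEL_WIDTH_MHZ


def find_conflicts(assignment: Dict[str, int],
                   neighbours: Iterable[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Pairs of cells whose coverage overlaps AND whose channels overlap."""
    bad = []
    for a, b in neighbours:
        if channels_overlap(assignment[a], assignment[b]):
            bad.append(tuple(sorted((a, b))))
    return sorted(bad)


def plan_channels(cells: Sequence[str],
                  neighbours: Iterable[Tuple[str, str]],
                  palette: Sequence[int] = NON_OVERLAPPING_USA
                  ) -> Optional[Dict[str, int]]:
    """Give every cell a channel from `palette` so that no two cells with
    overlapping coverage interfere. Backtracking search (cell counts are small);
    returns None when the layout needs more non-overlapping channels than the
    palette has, e.g. four mutually overlapping access points on 802.11b."""
    adj = {c: set() for c in cells}
    for a, b in neighbours:
        adj[a].add(b)
        adj[b].add(a)
    order = sorted(cells, key=lambda c: -len(adj[c]))   # most constrained first
    assignment: Dict[str, int] = {}

    def place(i: int) -> bool:
        if i == len(order):
            return True
        cell = order[i]
        for ch in palette:
            if all(not channels_overlap(ch, assignment[n])
                   for n in adj[cell] if n in assignment):
                assignment[cell] = ch
                if place(i + 1):
                    return True
                del assignment[cell]
        return False

    return dict(assignment) if place(0) else None


if __name__ == "__main__":
    # Constructed floor plan: four microcells in a row, each overlapping only its
    # immediate neighbours, plus a fifth cell that overlaps three of them.
    cells = ["AP1", "AP2", "AP3", "AP4", "AP5"]
    overlaps = [("AP1", "AP2"), ("AP2", "AP3"), ("AP3", "AP4"),
                ("AP5", "AP1"), ("AP5", "AP2"), ("AP5", "AP3")]
    print("plan:", plan_channels(cells, overlaps))
    naive = {"AP1": 1, "AP2": 2, "AP3": 3, "AP4": 4, "AP5": 5}
    print("conflicts with consecutive channels:", find_conflicts(naive, overlaps))
```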


Security 

Security is a major issue with wireless LANs and can be categorised into: 

• security of information in transit; and 

• misuse of the access point itself. 
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Security of information in transit 

In general, most concern is about whether the information sent over the wireless LAN can be intercepted. Ask yourself whether the information is confidential and whether you would mind that information being read; if so, consider encryption. For example, if you are sitting in a public access area, such as a coffee shop, and make a purchase with a reputable on-line retailer, the retailer will transfer you to a secure, encrypted connection between you and your on-line supplier. This encryption is instigated inside your PC (OS/browser layer) and so the credit card information being transmitted between your PC and the access point is already encrypted; anyone intercepting it would not obtain any useful information. In contrast, … totally unencrypted … would have the credit card information copied down … and you should seriously consider whether or not to … 

If you manage the access point, at your office or your home, and have the ability to manage your wireless security, two methods are available: 

• WEP - Wired Equivalent Privacy, based upon the RC4 cipher. WEP is recognised as having security weaknesses; however, it is widely supported. 

• WPA - WiFi Protected Access. The … standard … works with pre-shared keys … supported by most modern access points, but doesn't have wide support on wireless NICs (especially early ones). 

Security is usually configured via browser access to the access point. 

A VPN tunnel will provide a secure method of accessing your organisation over an unsecured wireless LAN (see Chapter …). 

Misuse of the access point 

Installation of an access point without any security can lead to misuse … There have been prosecutions arising as a result of failing to secure your access point. 

Most wireless access points provide a method of regulating the users: 

• MAC address locking; 

• WEP/WPA keys. 
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MAC address locking 

All Wireless NICs have a MAC address and access points will usually have a security setting, 
which allows you to restrict access to only authorised MAC addresses and therefore 
NICs. Usually there is a utility that allows you to see all of the currently connected NICs, 
allowing you to select the ones that should be given access. Obviously, the control is on 
the NIC - if the NIC is placed in another machine, then an unauthorised machine could 
have access to the network. Not all NICs support MAC address locking. 

When setting up WEP or WPA encryption, the key needs to be entered on both the 
access point and on the device. Devices without the key can't access the network. As 
the key is entered on the device itself, the device is authorised for wireless access rather 
than the NIC. 



Always secure a wireless LAN, preferably by both MAC address locking and WEP/WPA. 


Building-to-building WLANs 

Creating wireless LANs between buildings can be a challenging task and is often 
governed by local planning regulations; there may also be obstacles in the line of 
sight between the buildings that will impair performance. Clearing these obstacles will 
probably require a tower for the antenna, which will itself be subject to local planning 
regulations. 

If you are intending to use a wireless LAN for building-to-building communications it is 
advisable to contact the local planning authorities and seek specialist help at the design 
stage. 

In general, building-to-building WLANs need specialist bridging devices and antennas 
- see Chapter 5. 



• Never touch or move any antenna whilst the unit is transmitting or receiving. 

• Never touch, hold or locate any antenna in such a way as it is close to or touching 
an exposed area of skin - especially the face and eyes. 

• Don't use any equipment without the antenna attached. 

• Ensure the environment you are considering is suitable for wireless LANs and the 
type of wireless LAN you are deploying, e.g. hospitals. 

• Ensure all antennae are at least 20 cm from all persons. 

• Ensure any high gain, wall or mast mount antennae are professionally installed and 
at least 30 cm from all persons. 

Quick test 

Discuss the major influences on wireless LAN design. 

Section 7: End of chapter assessment 

Questions 

1. Outline the five design goals that must be taken into consideration when 
undertaking a network design. 









2. … network design … 

3. … steps … 

4. Discuss the process of capacity planning and outline how you would undertake this … 

5. … 

• 25 computers; 

• 30 MB software; 

• 10 MB data (both software and data must be downloaded before the machines can be used); 

• 1 hour time slot; 

… an average hourly load of 2.5 Mbps … 100BaseT … in less than two minutes. 

Answers 

1. … discuss briefly the five main goals and outline their … 

2. … 

3. … network problems occur at … documentation … when something goes wrong. 

4. … it is asking you not only … 
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The assessor would not expect you to undertake the maths, but would expectan 
explanation of how you would determine the current and required capacity, both 

for peak times and for the daily load. 

5 This Question is very specific. The assessor is asking you to calculate two types of 
capacity plan: one showing the length of time it will take for the machines to become 

across the time period (1 hour). The formulae are given in the crucial concept box 
at the end of Section 5. The question also contains the answer and you are asked to 

prove it. 

Time to start: 

((25 x ((10 MB + 30 MB) x 8)) 10%) = 21 minutes 

7 Mbps* 

(♦This should be replaced by 100 Mbps when re-running the calculation for 100BaseT) 


Average load: 


((25 x ((10 MB + 30 MB) x 8)) 10 %) = 2.5 Mbps 

3600 seconds 


The average load will be the same on 100BaseT as the network speed is not taken into 
account in this calculation. 
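The calculation above, parameterised so that it can be re-run for a different link speed or a different target time, as an added example (POSIX shell with awk; it is not part of the book). It assumes, as the answer does, decimal megabytes (1 MB = 8 Mbit), a 10% allowance for protocol overhead and 7 Mbps as the usable throughput of 10BaseT; all three are inputs to the functions, not measured figures, and the function names are this example's own:

```shell
#!/bin/sh
# Added capacity-planning example (not from the book).
# Assumptions: 1 MB = 8 Mbit (decimal), overhead given as a percentage,
# link speed is the usable throughput in Mbps.
LC_ALL=C; export LC_ALL   # keep awk's decimal point a '.'

# Total traffic in Mbit for N machines each fetching MB megabytes,
# plus OVERHEAD_PCT percent for protocol overhead.
# usage: traffic_mbit N MB OVERHEAD_PCT
traffic_mbit() {
  awk -v n="$1" -v mb="$2" -v ov="$3" \
    'BEGIN { printf "%.2f\n", n * mb * 8 * (1 + ov / 100) }'
}

# Seconds until the last machine has everything, if all machines start
# at once and share one link.
# usage: time_to_start_s N MB OVERHEAD_PCT LINK_MBPS
time_to_start_s() {
  awk -v t="$(traffic_mbit "$1" "$2" "$3")" -v bw="$4" \
    'BEGIN { printf "%.0f\n", t / bw }'
}

# Average load in Mbps if the same traffic is spread over SLOT_S seconds.
# usage: average_load_mbps N MB OVERHEAD_PCT SLOT_S
average_load_mbps() {
  awk -v t="$(traffic_mbit "$1" "$2" "$3")" -v s="$4" \
    'BEGIN { printf "%.2f\n", t / s }'
}

# Does the plan meet a start-up target?  Prints ok or too-slow.
# usage: check_plan N MB OVERHEAD_PCT LINK_MBPS TARGET_S
check_plan() {
  if [ "$(time_to_start_s "$1" "$2" "$3" "$4")" -le "$5" ]; then
    echo ok
  else
    echo too-slow
  fi
}

# The book's figures: 25 machines, 30 MB software + 10 MB data, 10% overhead.
echo "traffic:                 $(traffic_mbit 25 40 10) Mbit"
echo "10BaseT (7 Mbps usable): $(time_to_start_s 25 40 10 7) s to start"    # about 21 minutes
echo "100BaseT (100 Mbps):     $(time_to_start_s 25 40 10 100) s to start"  # under 2 minutes
echo "average load over 1 h:   $(average_load_mbps 25 40 10 3600) Mbps"
echo "two-minute target on 10BaseT:  $(check_plan 25 40 10 7 120)"
echo "two-minute target on 100BaseT: $(check_plan 25 40 10 100 120)"
```

The average-load figure is independent of the link speed, exactly as the answer says; what the link speed changes is only whether the burst at the start of the hour fits the target.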

6. This question is prompting you to show that you understand that wireless LAN
design is more than simply installing an access point. The examiner is asking
you to list the major considerations of wireless LAN design and also asking why they
are important. You will probably get half of the marks from discussing the major
considerations and the other half for giving reasons for their importance - make
sure you answer both!


Section 9: Further reading and research 

Cisco Networking Academy Program (2004) CCNA 1 and 2 Companion Guide (3rd edn) 
Cisco Press. ISBN: 1 58713 150 1. Chapter 5. 
Chapter 8

Network software

Chapter summary

This chapter is the first of three that look at the role, setup and management of a
typical network server. The hardware and software that comprise a network facilitate
the exchange of data and applications. Perhaps the most important piece of
hardware is the server. Most organisations deploy either a Windows-based server
or a UNIX-based server. Here we will concentrate on UNIX, for two main reasons:

• UNIX provides greater scalability and is therefore used in large organisations.

• A free, open-source UNIX-like operating system (Linux) is available which will enable
you to practise installing a networked operating system at a low cost.

Learning outcomes 

After studying this chapter you should aim to test your achievement of the following 

outcomes. You should be able to: 

Outcome 1: Multi-user operating systems 

Understand the main features of multi-user, multi-tasking operating systems. 
Question 1 at the end of this chapter will test you on this. 

Outcome 2: The UNIX filing structure 

Understand the filing structure used in a UNIX filing system. Question 2 at the end 
of this chapter will test you on this. 

Outcome 3: Filing system security 

Understand and be able to manage security in a file server environment. Question 
3 at the end of this chapter will test you on this. 

How will you be assessed on this? 

This subject area lends itself quite well to exam-type assessments rather than 
assignments. As there are many questions that could be asked about this subject, 
you should make sure you understand what is covered in this chapter well in 
advance of any examinations. You may also be assessed in your practical ability to 

setup a NOS. 


Section 1: Multi-user operating systems 

Computers that act as servers must be able to cope with the access demands of many
different users and also be able to provide these users with the services they require.
Servers vary in their capability to do this depending on the operating system that has
been installed. UNIX enables users to access files and it also runs processes on their behalf.
Multi-user operating systems also vary in the way in which jobs are given access to the
processor. It is important you understand the basics of multi-user operating systems as
these are important not only in the world of work, but also in the world of exams.


Peer-to-peer networks 


As we have noted throughout this book, the whole point of networks is to facilitate
the exchange of data and software. As we saw in Chapter 1, this exchange can be
accomplished through peer-to-peer networking, such as that built into Windows 98, 2000 and XP.
However, as noted earlier, peer-to-peer networks are only suitable for small networking
situations. Once an organisation reaches the limit of its peer-to-peer network, it must
consider installing a server.

Multi-user operating systems 

Larger organisations or those that have outgrown a peer-to-peer network must make
use of a server. As all the users will depend upon the performance of the machine chosen
to be the server, the server's operating system must be suitable for multi-user tasking:
it must be able to undertake more than one job at a time for more than one user at a
time. UNIX is a good example of such an operating system as (depending upon the
hardware) it enables tens of users each to have tens of jobs active at the same time.

Needless to say, multi-user, multi-tasking operating systems are extremely complex. 
They are responsible for such tasks as: 


• job scheduling; 

• the allocation of resources; 

• hardware operations; 

• user operations; 

• protecting the user's work; 

• protecting each user's working memory; 

• providing disk storage and quotas for each user; 

• running each user's various jobs. 

Multi-user, multi-tasking operating systems can be classified into two groups, depending 
on the way jobs are given access to the processor. 


Non-pre-emptive systems 

Non-pre-emptive operating systems wait until a job quits the processor voluntarily. 
Should this job go into a loop and therefore not quit the processor, no other job will be 
allowed access to the processor. The server is thus hung and would need to be rebooted. 
Early versions of Novell Netware operated on this principle. 

Pre-emptive systems 

Pre-emptive operating systems are more complex. A job is given a time slice of access
to the processor. If the job does not quit the processor voluntarily, it is removed
once its time slice is up. It will be given another time slice later, but in the meantime
its access is suspended whilst other jobs have their turn on the processor. Because of
this, a looping job will not take the processor down, which makes this type of operating
system more robust. It is also a fairer method of access, as each job is given a turn
without having to wait for the previous job(s) to finish. UNIX is an example of such a
system.



Servers that offer pre-emptive scheduling afford greater resilience to rogue
software.


Quick test 

Briefly discuss the features you would expect from a multi-user, multi-tasking operating
system.

Section 2: The UNIX filing structure

Multi-user operating systems have large and complex filing systems, and UNIX is no 
exception. UNIX can support a great many hard disks, and even many computers, inside 
its filing system. This means an entire organisation can be housed within one filing 
system. It is important to note, however, that a filing system on a large machine is not 

restricted to the size of its hard disk drive. 

Directory structures 

In DOS or Windows, the filing system is based on the physical disk drive - if there are
two 40 GB disk drives these are each assigned a drive identifier (e.g. drive C) and access to the
information on these drives is obtained by using these letters. This system works quite
well with filing systems that fit on to a physical drive but, in large multi-user systems,
such a huge amount of data needs to be stored that it will not fit on one physical drive.
Hence the filing system in UNIX is not drive based. Instead, there is one filing structure
to embrace the entire filing system. This system might be the entire organisation, one
department or even specific areas within one department. UNIX's filing system can span
multiple physical disk drives or even multiple machines (see Figure 8.1).


Figure 8.1: UNIX directory structure (a single tree from the root; one branch is held on a
separate physical drive on the machine and another on a separate machine)

This filing system is spread across three machines. The machine being accessed hosts the
/usr/bin directory, whilst the home directory is split across two physical machines, one
housing UK operations and the other US operations. It is possible for these machines to
be located in their respective countries but still to provide access from one to the other.
This is possible through the Network File System (NFS) - a UNIX protocol that allows
filing systems to be distributed, yet accessible, throughout an entire network. Note that
in the traditional NFS security model the server trusts the user and group identities
presented by the client machine, so exports should be restricted to hosts that are
themselves trusted.

Many UNIX machines use the principle of logical volumes. Essentially, a logical volume is
a way of joining two or more physical disks. For example, suppose a company has a
corporate database of 120 GB but the only drives available are 80 GB: if this database
must be contained on one disk only, there will be a problem. The solution is to create one
logical volume spanning two physical drives (Figure 8.2). The database can then be saved
to the logical volume rather than to the physical disk (or volume).

Figure 8.2: Logical volumes

Quick test 

Briefly discuss the UNIX filing system, highlighting the differences between this system 
and a filing system you are familiar with. 

Section 3: Filing system security 

Users and groups 

When multiple users have access to a filing system, individual users' files must be
protected. For instance, the managing director of a company would not be pleased if
all the staff had access to the personnel records. To provide this protection, UNIX uses
the idea of file owners and groups: access permissions can be set for the owner, for the
group and for everyone else. In this way, the UNIX filing system can provide file protection
and security. The files stored on a UNIX machine can belong to any user. However, some
files will be confidential whilst others will require wider access - perhaps to project groups
or even everyone on the system. For example, a company intranet should be accessible to
everyone in the organisation, but budgetary information might be restricted to senior
management. Using the principle of file owners and groups, UNIX supports such access,
and Figure 8.3 shows a directory listing where the owner of the file (csOpir) and the
group to which the file belongs (staff) have been highlighted.










$ ls -lisa | more
total 6963
7324902   2 -rw-------   1 csOpir  staff    25 Mar 23 11:53 #fred#
7324800   8 drwx--x--x  46 csOpir  staff  3584 May 30 12:30 .
      2   1 dr-xr-xr-x  21 root    root     21 May 30 12:51 ..
7324817   2 lrwxrwxrwx   1 csOpir  staff    36 Mar 23 11:52 Med -> csOpir@isis.sunderland.ac.uk.16165:1
7324877   2 -rw-r--r--   1 csOpir  staff   446 Jun 27  1997 .ab_library
7324882   2 -rw-r--r--   1 csOpir  staff   141 Jun 27  1997 .ab_library.lock
7328640   2 drwxr-xr-x   2 csOpir  staff   512 Sep 23  1994 .cetables
7324804   2 -rw-r--r--   1 csOpir  staff   747 Mar  8  1996 .cshrc

Figure 8.3: Users and groups

The systems administrator is usually a superuser (the root account in UNIX).The superuser 
has unrestricted privileges and access to all files and directories (the superuser account 

is used in Chapter 9 to set up a UNIX system). 
To the left of the owner and group information in Figure 8.3 is information about the
file's rights. For example:

-rwxr--r-x

The first character denotes whether the item is a file (-), a directory (d) or a link (l). The
following three characters represent the owner's rights - in this case rwx, indicating that
the owner may read, write and execute the file. The second group of three represents the
group's rights (here r--, read only) and the third group the rights of the rest of the world
(here r-x, read and execute). Rights are given numerical values, and the table below
shows how to add them:

Right required                                   Value
Read                                             4
Write                                            2
Execute (search if the target is a directory)    1

The rights on a file are set with the chmod command:

chmod abc <filename>

In this command, a indicates the rights of the owner, b those of the group and c those of
the rest of the world, each being the sum of the values from the table. Giving all rights to
all users would therefore be chmod 777, but chmod 755 is more normally used: this gives
the owner rwx, the group r-x and the rest of the world r-x. The same values are applied
equally to both files and directories. Give files only the rights they need: a private data
file, for example, needs no more than 600 (owner read and write), whereas world-writable
modes such as 777 allow any user on the system to alter the file. A file's group can be
changed with the chgrp command, as Figure 8.4 shows.

mainserve:/home/phil/crucial/test % ls -l
total 2
-rw-------  1 phil  staff    69 Nov 22 16:57 myfile
mainserve:/home/phil/crucial/test % chgrp student myfile
mainserve:/home/phil/crucial/test % ls -l
total 2
-rw-------  1 phil  student  69 Nov 22 16:57 myfile
mainserve:/home/phil/crucial/test %

Figure 8.4: Changing groups
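The 4/2/1 arithmetic from the table, carried out both ways and checked against what ls -l reports, as an added example (POSIX shell; it is not the book's code). The helper names perm_to_octal, octal_to_perm, mode_of and set_rights are this example's own, it creates its own scratch directory, and, like the table above, it handles only the nine read/write/execute bits, not the setuid, setgid or sticky bits:

```shell
#!/bin/sh
# Added example (not from the book): chmod's 4/2/1 arithmetic both ways,
# checked against the mode string that ls -l reports.  Only the nine
# rwx bits are handled; setuid/setgid/sticky are out of scope here.

# Symbolic rights (nine characters, e.g. rwxr-xr-x) -> octal digits (755).
perm_to_octal() {
  p=$1
  if [ "${#p}" -ne 9 ]; then
    echo "perm_to_octal: need 9 characters, got '$p'" >&2
    return 1
  fi
  result=""
  i=1
  while [ "$i" -le 9 ]; do
    digit=0
    # read = 4, write = 2, execute = 1, summed per owner/group/other triple
    case $(printf '%s' "$p" | cut -c"$i")         in r) digit=$((digit + 4)) ;; esac
    case $(printf '%s' "$p" | cut -c"$((i + 1))") in w) digit=$((digit + 2)) ;; esac
    case $(printf '%s' "$p" | cut -c"$((i + 2))") in x) digit=$((digit + 1)) ;; esac
    result="$result$digit"
    i=$((i + 3))
  done
  printf '%s\n' "$result"
}

# Octal digits (755) -> symbolic rights (rwxr-xr-x).
octal_to_perm() {
  o=$1
  case $o in
    [0-7][0-7][0-7]) ;;
    *) echo "octal_to_perm: need three octal digits, got '$o'" >&2; return 1 ;;
  esac
  result=""
  i=1
  while [ "$i" -le 3 ]; do
    d=$(printf '%s' "$o" | cut -c"$i")
    if [ $(( (d / 4) % 2 )) -eq 1 ]; then result="${result}r"; else result="${result}-"; fi
    if [ $(( (d / 2) % 2 )) -eq 1 ]; then result="${result}w"; else result="${result}-"; fi
    if [ $(( d % 2 )) -eq 1 ];       then result="${result}x"; else result="${result}-"; fi
    i=$((i + 1))
  done
  printf '%s\n' "$result"
}

# The nine permission characters ls -l shows for a path (type char dropped).
mode_of() {
  ls -ld "$1" | cut -c2-10
}

# Apply symbolic rights to a path via chmod; prints the octal mode used.
# usage: set_rights PATH rwxr-xr-x
set_rights() {
  octal=$(perm_to_octal "$2") || return 1
  chmod "$octal" "$1"
  printf '%s\n' "$octal"
}

# Demonstration in a scratch directory.
work=$(mktemp -d)
: > "$work/myfile"
echo "chmod $(set_rights "$work/myfile" rwxr-xr-x) -> ls shows $(mode_of "$work/myfile")"
echo "chmod $(set_rights "$work/myfile" rw-------) -> ls shows $(mode_of "$work/myfile") (private file: owner only)"
echo "octal 640 is $(octal_to_perm 640); symbolic rwxr--r-x is $(perm_to_octal rwxr--r-x)"
rm -rf "$work"
```

Reading the mode back with mode_of after every chmod is the habit worth keeping: it is the only way to be sure the rights the system actually applied are the ones you intended.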


Inherited rights

For even tighter security, it is possible to set up inherited rights - rights that are given to
a file upon its creation - so that a newly created file is not left open to other users by
accident. This is done using the umask command in UNIX, which sets the default
permissions given to newly created files. The mask lists the rights to be taken away: new
files normally start from rw-rw-rw- (666) and new directories from rwxrwxrwx (777), and
the umask digits are removed from these. A umask of 022 therefore gives new files
rw-r--r--, whilst 077 gives rw------- so that only the owner can read them. Figure 8.5
shows an example of the umask command in operation.


$ umask
022
$ date > date.txt
$ ls -l date.txt
-rw-r--r--  1 phil  staff  34 Apr 26 11:34 date.txt
$ umask 077
$ date > date2.txt
$ ls -l dat*.*
-rw-r--r--  1 phil  staff  34 Apr 26 11:34 date.txt
-rw-------  1 phil  staff  34 Apr 26 11:34 date2.txt

Figure 8.5: The umask command in operation


Setting up security on files and directories

The file and directory rights described above provide the basis of file system security in
the UNIX operating system. It is, however, also possible to combine the directory
permissions and the file permissions to increase security. For example, by removing the
read attribute from a directory it is possible to prevent users from seeing the contents of
the directory; a user can still access a file in it if he or she knows the entire path and the
filename. Hiding the names in this way is not a substitute for setting the rights on the
files themselves, since anyone who learns or guesses a filename can still open the file if
its own rights allow it. Figure 8.6 shows a directory's rights being reduced to execute
(search) only: the listing is refused, but the file can still be read by its full path.


mainserve:/home/phil/crucial/test % ls -l
total 2
drwxr-xr-x  2 phil  staff  512 Nov 22 17:02 test2
mainserve:/home/phil/crucial/test % ls -l test2
total 2
-rw-------  1 phil  staff  111 Nov 22 17:04 myfile
mainserve:/home/phil/crucial/test % chmod 100 test2
mainserve:/home/phil/crucial/test % ls -l test2
test2: Permission denied
mainserve:/home/phil/crucial/test % cat ./test2/myfile
This shows you how files can be protected by altering the directory's rights.
mainserve:/home/phil/crucial/test %

Figure 8.6: Protecting a file by disallowing directory listings
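The umask behaviour of Figure 8.5 and the execute-only directory of Figure 8.6, replayed in a scratch directory so that the resulting modes can be checked, as an added example (POSIX shell; not the book's own figures). The helpers create_with_umask, can_list and can_open are this example's names. It also shows one thing the book's figure cannot: root is not subject to these checks at all, so 'Permission denied' only appears for an ordinary user:

```shell
#!/bin/sh
# Added example (not the book's figures): what umask does to new files
# and directories, and what an execute-only directory does and does not
# protect.  Everything happens in a scratch directory this script creates.

# The nine permission characters ls -l shows for a path.
mode_of() {
  ls -ld "$1" | cut -c2-10
}

# Create a file (or a directory if the third argument is "dir") with the
# given umask in effect, in a subshell so the caller's umask is untouched,
# and print the resulting rights.  New files start from rw-rw-rw- (666),
# new directories from rwxrwxrwx (777); the mask's bits are removed.
# usage: create_with_umask MASK PATH [dir]
create_with_umask() {
  if [ "$3" = dir ]; then
    ( umask "$1" && mkdir "$2" )
  else
    ( umask "$1" && : > "$2" )
  fi
  mode_of "$2"
}

# Can this process read the names in a directory?  Prints yes or no.
# Root is exempt from permission checks, so root always gets yes.
can_list() {
  if ls "$1" >/dev/null 2>&1; then echo yes; else echo no; fi
}

# Can this process open a file whose full path it knows?  Prints yes or no.
can_open() {
  if cat "$1" >/dev/null 2>&1; then echo yes; else echo no; fi
}

work=$(mktemp -d)

# Figure 8.5 replayed: the same command, different umasks.
echo "umask 022 file: $(create_with_umask 022 "$work/date.txt")"     # rw-r--r--
echo "umask 077 file: $(create_with_umask 077 "$work/date2.txt")"    # rw-------
echo "umask 027 dir:  $(create_with_umask 027 "$work/private" dir)"  # rwxr-x---

# Figure 8.6 replayed: execute (search) only on the directory hides the
# names, but the owner can still open a file by its full path, because
# the file's own rights, not the directory's, decide that.
mkdir "$work/test2"
echo "This shows how files can be protected by altering the directory rights." > "$work/test2/myfile"
chmod 100 "$work/test2"
echo "list test2:        $(can_list "$work/test2")   (no for an ordinary user)"
echo "open test2/myfile: $(can_open "$work/test2/myfile")  (yes: x on the directory, r on the file)"
chmod 700 "$work/test2"   # restore so the scratch directory can be removed
rm -rf "$work"
```

A umask of 077 (or 027 where group sharing is wanted) in every user's login script is the simplest way to make the safe mode the default rather than something each user has to remember.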
Other file and directory attributes

In addition to the file attributes given above, UNIX also has conventions for hidden and
compressed files.

In UNIX, files are hidden in rather an odd fashion - the filename is preceded by a full
stop (.). Thus such files as .profile, .cshrc, etc., aren't seen when a simple directory-listing
command is used (ls -l). To see these files, the -a (all) option must be used (ls -la). Note
that this only hides the files from a casual listing; it gives no protection, and their rights
must be set like any other file's. Files compressed with the UNIX compress utility are
given the extension .Z (and those compressed with gzip the extension .gz). Thus myfile.Z
is a compressed version of myfile.

Quick test 

Briefly outline how files are protected in the UNIX operating system. 

Section 4: End of chapter assessment 

Questions 

1. Discuss the main features of a multi-user operating system. 

2. Discuss how the filing structure of a typical multi-user machine, UNIX, is organised. 

3. Discuss how filing system security is achieved in the UNIX operating system. 
Wherever possible, illustrate your answers with examples or commands. 

Answers 

1. To answer this question, you need to demonstrate your knowledge of multi¬ 
user operating system features. Although the question doesn't call for a direct 
comparison, it is worth mentioning that a multi-user operating system is much more 
complex than smaller, peer-to-peer ones. You should also mention the functions a 
multi-user operating system needs to provide and should discuss the two types of 
scheduling. You should mention the fact that these two types of scheduling are 
very important as they determine the server's resilience to rogue software. 

2. Here you need to discuss the organisation of UNIX's filing system. Your answer 
should be put into context by mentioning the fact that, because UNIX is a multi¬ 
user operating system, the files of individual users must be protected - unlike, say, 
desktop Windows or DOS. You must discuss the fact that the directory structure in a 
UNIX environment is not disk based but directory based, which means that it is not 
limited to the size or location of a physical disk drive or even a machine. It is always 
worth using a diagram to illustrate your answer. 

3. To answer this question, you need to discuss how filing system security is 
implemented in UNIX. You need to discuss the fact that filing system security in 
UNIX centres on the idea of file owner, file group and the rest of the world, and that 
permissions for access can be granted or revoked from either or all on a controlled 
basis. You should discuss how such access is granted and, if possible, illustrate your 
answer with the required commands. Some discussion of how the security may be 
increased further (using inherited rights) is also extremely worthwhile. 

Section 5: Further reading and research 

Afzal, A. (2002) UNIX Unbounded: A Beginning Approach. Prentice Hall. ISBN: 0 13092 
836 8. Section 2. 
Chapter 9

Setting up a networked operating system

Chapter summary

The correct setup of a networked operating system is critical - NOSs must be reliable.
This chapter covers the most common tasks involved in administering a NOS:

• Installing and configuring a networked operating system.

• Creating a suitable user environment.

• Managing printer services.

However, there is not the space here to cover everything you need to know to set up
and configure a networked operating system; this is meant as a guide only.

Learning outcomes

After studying this chapter you should aim to test your achievement of the following
outcomes. You should be able to:

Outcome 1: Installing and configuring Linux and its applications

Understand the steps involved in configuring a typical NOS and in installing an
application. Question 1 at the end of this chapter will test you on this.

Outcome 2: Configuring the user environment

Understand the need for, and be able to configure, the end-user environment.
Question 2 at the end of this chapter will test you on this.

Outcome 3: Printer setup and options

Understand the issues involved with the installation and maintenance of printers.
Question 3 at the end of this chapter will test you on this.

How will you be assessed on this?

This area is not straightforward. Ideally, an assessor would like to see a student install
an operating system successfully. However, pressures of time often mean that assessors
are forced to ask students to prepare a guide that will allow anyone to carry out the
installation, sometimes working in groups. You may well be assessed on your
understanding of the process.


Section 1: Installing Linux and applications

Networked operating systems (NOS) are complex pieces of software and need careful
installation and management. For the purposes of this chapter Linux's Fedora Core 4 is
used. This is a general installation guide for Fedora Core 4, and an installation can be
complicated by the range of computers available - a trip to a local PC shop will
demonstrate the vast range of equipment available (e.g. CD-ROMs, DVDs, scanners,
processors, memory, etc.). This vast array of products means that just about every PC is
different, and that the installation of a complex operating system involves a great many
choices. Whilst this is a general guide, it is worth visiting the Fedora website
(fedora.redhat.com), where you will find a great deal of information about installing
Linux.

Installation process

Fedora is renowned for its ease of installation and is one of the easiest versions of Linux
to install. Start by powering on the machine and setting it to boot from the CD-ROM
drive, and save that setting. Next, the first installation disk should be inserted and the
machine rebooted. The initial Fedora screen is shown in Figure 9.1.

Figure 9.1: Initial Fedora Core screen
Fedora first offers to verify the media (the installation CD). If you are sure the CD is
good you can skip this (Figure 9.2), although it is worth the few minutes it takes: a
faulty CD can produce an installation that fails in obscure ways later. You are now
presented with the welcome screen; click Next to begin installation and select the
language on the Language Selection screen (Figure 9.3). Language selection is obviously
important, as it is used for the installation and for all system documentation. Select the
appropriate language and click Next. You will now be asked for the keyboard type. Select
the appropriate keyboard (e.g. United Kingdom) and click Next.

Figure 9.2: Testing media screen

Figure 9.3: Language selection screen (a list of languages from which the one to be used
during the installation is chosen)
Fedora then asks whether you want to update an existing version or perform a new
install; select the appropriate option and click Next. You are then asked, on the
Installation Type screen, to choose the type of installation that best fits your situation
(Figure 9.4).

Figure 9.4: Choosing the installation type (the installer warns that an installation destroys
any previously saved information on the selected partitions)

Figure 9.5: Automatic partitioning (the installer offers automatic partitioning, which avoids
having to assign mount points and create partitions by hand; manual partitioning uses
the Disk Druid tool)
It is best to install Linux on a machine that is either new or on which the hard drive
has been formatted.

Bootloader

Fedora now asks where you would like the bootloader installing - a bootloader is a
manager for boot up. It is best to accept the defaults.

Network configuration

At this point Fedora asks you to configure the network. Again, it is recommended to
accept the defaults, which is DHCP.

Firewall configuration

A firewall is usually a good thing to set up, but often with Linux it makes carrying out
the installation process, installing packages and connecting users a little more tricky. It
is best not to configure the firewall until you have completed the installation - it can be
turned on post-installation. If you do defer it, keep the machine off untrusted networks
(or behind another firewall) until it is turned on, and turn it on before any users are
given access.

Time zone selection

Next, Fedora asks you to select the appropriate time zone - you should simply be able to
click on the appropriate point on the map and then click Next (Figure 9.6).
Figure 9.6: Time zone selection (set the time zone by clicking your computer's physical
location on the interactive map)


Root password

Root is the superuser of the UNIX system - essentially it's God. The root password must
be protected, and forgetting the password could mean reinstallation and loss of data.
However, the root password must not be written down if at all possible, as this would
compromise the system; if an organisation needs a recovery copy, keep it under physical
control (for example in a sealed envelope in a safe), never on a note near the machine.
Choose a long password that cannot be guessed. The password is not displayed on the
screen and it will be requested twice. Enter the root password, confirm the password and
click Next to continue.

Fedora now summarises this information. If it is correct, click Next to continue.
Figure 9.8: Creating a system user account

Figure 9.9: Adding and removing applications

Figure 9.12: Create New User

To add a group, click on the Add Group button in User Manager; you are presented
with the Create New Group window (Figure 9.13).

Figure 9.13: Creating a new group

Enter the name of the group and click on OK. The group is now created. Users can be
added to the group by returning to the Properties section of User Manager and selecting
Groups (Figure 9.14).

Figure 9.14: Selecting group membership

You should select their primary group and any secondary groups required. Deleting
users and groups or removing users from groups can be achieved in a similar fashion.
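What User Manager's primary and secondary group choices look like once they are recorded, as an added example (POSIX shell with awk; not from the book). The passwd and group records are constructed inline for the example and stand in for /etc/passwd and /etc/group; the users and groups in them are made up, and the function names are this example's own:

```shell
#!/bin/sh
# Added example (not from the book): how primary and secondary group
# membership is recorded, using constructed passwd and group records in
# place of /etc/passwd and /etc/group.  The users and groups are made up.

# passwd fields: name:password:UID:GID:comment:home:shell
# (field 4 is the user's primary group)
PASSWD_DATA='root:x:0:0:root:/root:/bin/bash
phil:x:1000:100:Phil Irving:/home/phil:/bin/ksh
anne:x:1001:100:Anne Example:/home/anne:/bin/bash
guest:x:1002:501:Guest:/home/guest:/bin/sh'

# group fields: name:password:GID:comma-separated member list
# (the member list holds *secondary* memberships only)
GROUP_DATA='root:x:0:
wheel:x:10:phil
users:x:100:
staff:x:500:phil
student:x:501:anne,phil'

# GID -> group name.
gid_to_name() {
  printf '%s\n' "$GROUP_DATA" | awk -F: -v gid="$1" '$3 == gid { print $1; exit }'
}

# A user's primary group, as a name.  Fails for an unknown user.
primary_group() {
  gid=$(printf '%s\n' "$PASSWD_DATA" | awk -F: -v u="$1" '$1 == u { print $4; exit }')
  if [ -z "$gid" ]; then
    echo "primary_group: no such user '$1'" >&2
    return 1
  fi
  gid_to_name "$gid"
}

# A user's secondary groups: every group whose member list names the user,
# space-separated in file order.
secondary_groups() {
  printf '%s\n' "$GROUP_DATA" | awk -F: -v u="$1" '
    { n = split($4, m, ",")
      for (i = 1; i <= n; i++)
        if (m[i] == u) { out = out (out == "" ? "" : " ") $1; break } }
    END { print out }'
}

# Everyone who is effectively in a group: users whose primary GID is the
# group's plus the names in its member list, sorted and de-duplicated.
# This is the check to run before relying on a group-based right such as
# "chgrp staff myfile; chmod 640 myfile".
members_of() {
  gid=$(printf '%s\n' "$GROUP_DATA" | awk -F: -v g="$1" '$1 == g { print $3; exit }')
  if [ -z "$gid" ]; then
    echo "members_of: no such group '$1'" >&2
    return 1
  fi
  {
    printf '%s\n' "$PASSWD_DATA" | awk -F: -v gid="$gid" '$4 == gid { print $1 }'
    printf '%s\n' "$GROUP_DATA" | awk -F: -v g="$1" \
      '$1 == g && $4 != "" { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }'
  } | sort -u | awk '{ out = out (NR > 1 ? " " : "") $0 } END { print out }'
}

for user in phil anne guest; do
  echo "$user: primary=$(primary_group "$user") secondary=[$(secondary_groups "$user")]"
done
echo "members of staff:   $(members_of staff)"
echo "members of student: $(members_of student)"
echo "members of wheel:   $(members_of wheel)"
```

The point of members_of is that a group's member list alone does not tell you who can use the group's rights: users whose primary group it is never appear there, which is easy to forget when reviewing who can read a file given to a group with chgrp.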



The correct installation of Linux is the key to the success of the operating system.
Therefore, when installing the operating system, ensure you make the right
choices.


Quick test 

Briefly outline the steps involved in installing a version of Linux. 


Section 2: Configuring the user environment 

Once a NOS is installed, the user environment normally needs to be configured. 
Configuration includes allocating users to a group, giving users access to the facilities of 
that group, creating login scripts to set the users' environment and, possibly, creating 
menu scripts to tighten security and to make the system easier to use. 

User environment 

As standard, UNIX provides two types of user environment - a command line interface 
(CLI), which is a text-driven interface similar to DOS, and a graphical user interface (GUI) 
similar to Windows. Which is chosen is a matter of personal choice and environmental 
conditions. If using a UNIX machine, you will be able to use the GUI but, if working 
remotely (e.g. through the Internet), you would use the CLI. Both interfaces will give 
access to files and will provide the user with full access to the server. 

One of the most popular ways of using a UNIX server is to implement Windows as the
desktop operating system and to configure it to use UNIX as the server. For files, this
can be achieved quite easily by setting Windows to use a remote drive, which should
be configured as NFS. NFS (Network File System), as we saw in Chapter 8, allows
UNIX to share its filing system over a network. NFS is also available on Windows-based
machines. Other applications (such as Oracle) tend to work in one of two ways. The
first is as a piece of software installed locally (in the case of Oracle, SQL*Net) that allows
applications on the PC to access the database on the server. For example, a list of all
students' names and email addresses might be required in an Excel spreadsheet. By
using the appropriate software, a query can be built in Excel that will then be sent to
the Oracle database on UNIX. The UNIX-based software will then process the query
and return the required list into the spreadsheet. In this example, the UNIX machine
is behaving as a true server - it is using its immense processing power to retrieve the
required data to send to the PC.

The second popular way of accessing a server is through a web-based interface. As 
web pages and dynamic web pages develop, it is becoming possible to provide end 
users with an interface to an application that is held centrally on the server. Using the 
server in this way means an increased load on the server but, at the same time, the PCs 
need less power. As this technology continues to develop, scripts written in Java will be 
executable on a PC, thus reducing the server's workload. 

User interfaces 

GUIs provide the end-user with a point-and-click environment in which they can control 
and run their applications. Multi-user GUIs have extensions that allow them to deal with 
file access privileges. They also have an interface that permits the management of quite 
complex activities (providing the user has the rights of access to them), such as adding 
a user, a group or a device. 

The real power of a UNIX server, however, comes in the form of the CLI. In the CLI, 
commands are submitted to the operating system via a shell. A shell is an environment 
that allows commands to be issued (like DOS), and it also has facilities to control input, 
output and programming facilities that allow complex sets of actions to be performed. 
A unique feature of the CLI in UNIX is that there are many to choose from. The user 
is able to select the 'shell' that best matches his or her experience and current needs. 
These shells are incredibly powerful and have a programming language of their own. 
One of the most common and powerful general-purpose shells is the Korn shell. 

As with DOS, it is possible to place commands that would normally be keyed in at the 
command line into a file. This file can then be given execute permission and executed. 
Such a file (containing UNIX shell commands) is known as a script (or shell script). 
Executing the script is equivalent to keying in the commands within it. UNIX shells are 
quite sophisticated programming languages in their own right, and there are entire 
books devoted to programming in them. Together with the large number of special 
utility programs provided as standard, scripts make UNIX an extremely powerful 
operating system: they provide UNIX with an extensive programming language and an 
extremely flexible environment for controlling and configuring users. 

Login scripts

Login scripts are similar to the autoexec.bat and the config.sys files of Windows/DOS
except that, in a multi-user environment, they work on a per-user basis rather than on a
machine basis. Thus, whenever a user logs on to a UNIX machine, his or her environment
is configured automatically. Such things as the preferred editor or printer are set and, in
the case of systems that use KDE or CDE graphical desktop environments, the preferred
window settings are also set. Login scripts in UNIX vary depending upon the shell in
use. Each shell has a different startup file, which provides flexibility when configuring
the environment. The file's name depends upon the default shell in use - UNIX has
different names, one for each shell. The one for the Korn shell is known as .profile (it
will be remembered from the last chapter that the . at the front causes the file to be
hidden).

Figure 9.14 shows a default .profile script. The lines that begin with a # are comment
lines. The fourth line will print the phrase 'Hello Im running .profile' to the screen. Line
5 is interesting. It sets up an alias to allow the user to run the UNIX command ls -lisa by
keying in dir. Line 6 sets the working path, and line 7 exports it so that programs started
from the shell see it. Note that, as written, line 6 replaces the path rather than adding
to it and contains no system directories such as /usr/bin, so in practice you would start
the value with the existing $PATH. The path should only ever contain directories that
users cannot write to: a writable directory on the path lets a user plant a program that
will be run in place of a system command. Line 8 sets the type of terminal in use as a
virtual terminal (VT) type 100.

$ cat .profile | more
# This is the default standard profile provided to a user.
# They are expected to edit it to meet their own needs.

echo Hello Im running .profile
alias dir="ls -lisa"
PATH=$OPENWINHOME/bin:$OPENWINHOME/lib:$ORACLE_HOME/lib
export PATH
TERM=vt100; export TERM

Figure 9.14: Default .profile script


Menu systems 

Often, administrators will want to make the system easy to use and may also want to
increase security - if the end-users are not allowed access to the operating system
commands, they can do a great deal less damage both by accident and maliciously. The
script in Figure 9.15 provides the end-user with a menu system. The user can choose
to get the date, the current directory, a directory listing or can exit. Sample output
is shown in Figure 9.16. By inserting a call to this script (together with the UNIX trap
command) into the user's .profile file, the administrator is able to control what the user
is and is not able to do. The trap command traps break commands (e.g. control-c), which
prevents the user from breaking out of the menu. Figure 9.17 shows the revised profile
(including the trap command).

Two caveats apply. First, in Figure 9.17 the menu is simply called from the profile, so
when the user chooses Exit the profile finishes and the user is left at a normal shell
prompt; to prevent this the profile must end the session, for example by running the
menu with exec or by following it with exit. Second, trapping control-c alone is not
enough: the quit (control-\) and suspend (control-z) keys must also be trapped, and a
user who can edit his or her own .profile can simply remove the lines. A menu of this
kind is therefore a convenience and a guard against accidents; genuinely restricting a
user requires a restricted shell (such as ksh -r) or a dedicated login shell, together with a
.profile the user cannot write to.


$ cat menu 
#!/bin/ksh 
# Simple menu script written by P J Irving 3/9/02 
select REPLY in "System Date" "Current Directory" "Directory Listing" "Exit" 
do 
    case $REPLY in 
        "System Date") 
            date 
            ;; 
        "Current Directory") 
            pwd 
            ;; 
        "Directory Listing") 
            ls -l 
            ;; 
        "Exit") 
            break 
            ;; 
        *) 
            echo "I do not recognise your choice" 
            ;; 
    esac 
done 

Figure 9.15: Simple menu script 

$ menu 
1) System Date 
2) Current Directory 
3) Directory Listing 
4) Exit 
#? 1 
Tuesday September 9 18:25:31 BST 2002 
#? 2 
/home/phil/unixbook 
#? 3 
total 2 
-rwx-  1 phil  staff  354 Apr 27 18:20 menu 
#? 8 
I do not recognise your choice 
1) System Date 
2) Current Directory 
3) Directory Listing 
4) Exit 
#? 4 
$ 

Figure 9.16: Sample output from the script in Figure 9.15 






$ cat .profile | more 
# This is the default standard profile provided to a user. 
# They are expected to edit it to meet their own needs. 
echo Hello Im running .profile 
alias dir="ls -lisa" 
PATH=$OPENWINHOME/bin:$OPENWINHOME/lib:$ORACLE_HOME/lib 
export PATH 
TERM=vt100;export TERM 
trap 'echo you cant use ctrl-c' INT 
menu 

Figure 9.17: Revised .profile script (note the trap command) 



Menus are very useful. They provide the user with limited choice and therefore 
limited functionality within the system. They are very powerful when combined 
with login scripts, the break command allowing the user to undertake the tasks on 
the menu without accessing the operating system. This increases [...] 
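The following is an added example and not code from the book: a restricted login menu in plain POSIX sh that makes the same point as Figures 9.15 and 9.17 (a menu plus a trap in the user's startup file), with the dispatch separated from the loop so it can be checked on its own. The function names, the extra QUIT and TSTP traps, the treatment of end-of-file and the --run argument are this example's own choices, not the book's.

```shell
#!/bin/sh
# Added example (not from the book): a restricted login menu in the spirit of
# Figures 9.15 and 9.17, in POSIX sh with the dispatch separated from the loop.
# Function names, the extra traps and the --run argument are this example's own.

# menu_dispatch CHOICE: run the command behind one numbered choice.
# Returns 0 when a choice was served, 4 when the user chose Exit and 1 when the
# choice was not recognised.
menu_dispatch() {
    case "$1" in
        1) date ;;
        2) pwd ;;
        3) ls -l ;;
        4) return 4 ;;
        *) echo "I do not recognise your choice" >&2; return 1 ;;
    esac
}

# menu_is_exit RC: true when a menu_dispatch return code means "leave the menu".
menu_is_exit() {
    [ "$1" -eq 4 ]
}

# run_menu: show the menu until the user chooses Exit. SIGINT (ctrl-c) is trapped
# so it cannot break the loop and leave the user at an unrestricted prompt, as in
# Figure 9.17; QUIT (ctrl-\) and TSTP (ctrl-z) are ignored as a precaution for
# the same reason. End-of-file on stdin (ctrl-d) is treated as Exit rather than
# looping forever.
run_menu() {
    trap 'echo "you cannot use ctrl-c"' INT
    trap '' QUIT TSTP
    while :; do
        printf '1) System Date\n2) Current Directory\n3) Directory Listing\n4) Exit\n#? '
        if ! read -r choice; then
            echo
            break
        fi
        menu_dispatch "$choice"
        if menu_is_exit $?; then
            break
        fi
    done
    trap - INT QUIT TSTP
}

# Start the loop only when invoked as `sh menu.sh --run`, so that sourcing the
# file to reuse the functions does not start an interactive session.
case "${1-}" in
    --run) run_menu ;;
esac
```

In the spirit of Figure 9.17 the user's .profile would run `sh menu.sh --run` and then `exit`, so that choosing Exit (or ctrl-d) ends the login session instead of returning the user to a shell prompt; without that trailing exit the menu only restricts the user for as long as it is running.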


Quick test 

Briefly outline how shell scripts in the UNIX environment can help to make the server 
secure. 

Section 3: Printer setup and options 

NOSs tend to have many different printers that are often located in users' offices. It is 
important, therefore, that both the printer and the queue are set up correctly and that 
user output is directed to the correct printer (this is usually done in the user configuration 
file - see Section 2). 

Setting up the printer 

The following are general points concerning the attachment of printers. Printers can 
[...] units networked to the UNIX machine; and some workstations provide for the direct 
connection of a printer. 

When installing a printing device, that device's use must be considered carefully. If the 
printer is to print on secure stationery (e.g. cheques), it must be secured both physically 
[...] a cheque with the [...] name on. Indeed, if a printer contains anything other than blank 
[...] fraudulent use, as could invoices, credit notes, etc. Even letter-headed stationery needs 
to be protected in some way - it is relatively expensive and can be wasted if used for 
program listings, etc. 

In general, printers are found in the /dev directory and have the following attributes: 

Device name     Description 
/dev/lp0        First parallel printer 
/dev/lp1        Second parallel printer 
/dev/lp2        Third parallel printer 

Serial printers are assigned to serial devices (e.g. /dev/ttyS0 for the first, 
/dev/ttyS1 for the second, and so on). 
Printing options 

To support multi-user access, printer [...]. The print command is lp or lpr (an abbreviation 
of [...]). [...] check the [...] or remove a job from the queue, he or she needs to know this 
job number (see below). 

It is usual for a multi-user system to have [...]; providing he or she has permission, the 
user can select whichever printer he or she wishes to use. Thus lp -p printer [...] on the 
printer named. Status check and job cancellation also support the -p switch. 


Managing printer queues 

In most cases, all printers can be seen and [...]. Printers in UNIX usually need little 
management other than start-up and maintenance [...] removed from the print queue. [...] 


Command            Description                                       Example 
lpstat printer     Displays information about the current status     lpstat -o all 
                   of the LP print service 
lpq                Displays the status of jobs on the printer        lpq -p stuprinter 
                   specified 
lprm               Cancels printing of the specified job             lprm 123 

Table 9.1: Printer maintenance commands 


[...] name to be specified, and it provides the following information: 

• print job ID; 
• the owner of the job; 
• the name of the file being printed; 
• the size of the file. 

The lprm command can be used to remove jobs from the print queue [...] to remove 
specified jobs from the queue or [...] ([...] cancel for cancelling print jobs). 
Managing printers in Linux means being responsible not only for your own work 
but [...] the printer. 

Most of these commands have GUI equivalents. 
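An added example, not from the book, of the queue housekeeping that Table 9.1 supports: reviewing an lpq listing, and checking a secure-stationery printer of the kind discussed under 'Setting up the printer' for jobs from users who are not on its allow list. The queue text is constructed in a BSD-style lpq layout (real output varies between print systems, so compare the columns with your own lpq first); the function names, the printer name chequeprinter and the user names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the book): review an lpq listing before clearing a
# queue, and audit a secure-stationery printer for jobs from users who are not
# on its allow list. The queue text is constructed in a BSD-style lpq layout
# (Rank, Owner, Job, File(s), Total Size); check the columns against your own
# lpq output before relying on the parser.

# Constructed sample, standing in for `lpq -p chequeprinter`.
SAMPLE_QUEUE='chequeprinter is ready and printing
Rank   Owner      Job     File(s)                         Total Size
active finance1   123     cheques_run_07.ps               204800 bytes
1st    phil       124     menu                            354 bytes
2nd    finance2   125     remittance.ps                   4096 bytes'

# queue_jobs: read lpq text on stdin and print "JOB OWNER FILE" for each job,
# skipping the printer status line and the column header.
queue_jobs() {
    awk 'NR > 1 && $1 != "Rank" && NF >= 4 { print $3, $2, $4 }'
}

# queue_jobs_for_owner OWNER: job IDs belonging to one user, from stdin; these
# are the numbers that user needs for lprm.
queue_jobs_for_owner() {
    queue_jobs | awk -v who="$1" '$2 == who { print $1 }'
}

# queue_unauthorised_jobs ALLOWLIST: job IDs whose owner is not in the
# space-separated ALLOWLIST. On a cheque or invoice printer these are the jobs
# the administrator should look at (and normally cancel) before they print.
queue_unauthorised_jobs() {
    queue_jobs | awk -v allow=" $1 " 'index(allow, " " $2 " ") == 0 { print $1 }'
}

# cancel_commands: turn job IDs (one per line on stdin) into the lprm commands
# to run. They are printed rather than executed so the operator can review the
# list first; pipe the result into sh to carry them out.
cancel_commands() {
    awk 'NF { print "lprm " $1 }'
}

# Walk through the audit on the constructed sample when run with --demo.
if [ "${1-}" = "--demo" ]; then
    echo "Jobs on chequeprinter not submitted by the finance team:"
    printf '%s\n' "$SAMPLE_QUEUE" | queue_unauthorised_jobs "finance1 finance2" | cancel_commands
fi
```

With a live queue the same functions read `lpq -p chequeprinter | queue_unauthorised_jobs "finance1 finance2"`; keeping the allow list in a file owned by the administrator, rather than on the command line, is the natural next step.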


Quick test 

Briefly discuss how print jobs are managed, using the command line in Linux. 


Section 4: End of chapter assessment 

Questions 

1. Outline the major steps involved in installing Linux. 

2. Figure 9.18 shows a shell script. Briefly discuss what the shell script does, annotate 
this example with appropriate comments, and provide a sample output. Discuss 
why such scripts are very useful for security. 

$ cat menu 
#!/bin/ksh 
select REPLY in "System Date" "Current Directory" "Directory Listing" "Exit" 
do 
    case $REPLY in 
        "System Date") 
            date 
            ;; 
        "Current Directory") 
            pwd 
            ;; 
        "Directory Listing") 
            ls -l 
            ;; 
        "Exit") 
            break 
            ;; 
        *) 
            echo "I do not recognise your choice" 
            ;; 
    esac 
done 

Figure 9.18: Sample shell script 

3. Briefly discuss how printers are managed in the UNIX operating system. 
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Answers 

1. To be fair, such a question is unlikely in an exam or TCT. You are far more likely 
to be asked either to install a version of Linux or to produce a user guide on the 
installation of Linux. In the latter case, you should note your intended audience 
and ensure that the language and style used are appropriate for this audience. 
Ultimately, the assessors are seeking to establish whether you can install a multi-user 
operating system, and the production of a manual gives them something that 
can be handed to the external examiner as proof of your abilities. 

2. Rather than being cruel and asking you to write a shell script in an exam or TCT, the 
assessor will often give you a shell script and ask you to annotate it with comments 
and give a sample output. This is a less painful way of ensuring you understand 
scripts. In this case, the script is a menu system that allows the user to call on a 
number of utilities. When it is executed it will present the output shown in Figure 
9.19. You should annotate the shell script with appropriate comments. Remember, 
the assessor is not looking for comments such as 'this line prints out'; he or she is 
looking for a deeper understanding - for example, 'this section of the script traps 
and processes an invalid user input'. Finally, you need to identify why menus are so 
important to security in an operating system. Your answer to this question should 
ideally include the trap command being used in the shell's startup file. 

$ menu 
1) System Date 
2) Current Directory 
3) Directory Listing 
4) Exit 
#? 1 
Tuesday September 9 18:25:31 BST 2002 
#? 2 
/home/phil/unixbook 
#? 3 
total 2 
-rwx-  1 phil  staff  354 Apr 27 18:20 menu 
#? 8 
I do not recognise your choice 
1) System Date 
2) Current Directory 
3) Directory Listing 
4) Exit 
#? 4 

Figure 9.19: Sample output from question 2 

3. To answer this question you need to highlight the issues associated with 
printer management, list the commands used for printer management, discuss the 
function of each command and give an appropriate example of each command's 
use. 

Section 5: Further reading and research 

Afzal, A. (2002) UNIX Unbounded: A Beginning Approach. Prentice Hall. ISBN: 0 13092 736 8. Section 2. 

www.fedora.redhat.com 
Chapter 10 

Network management 

Chapter summary 

Managing a network is [...]. Many people believe that once a network is installed it will 
virtually run itself; this is simply not the case. Today's networks are complex and often 
mission critical [...] piecemeal - to perform well they must [...]. 

Learning outcomes 

[...] outcomes. You should be able to: 

Outcome 1: [...] 

[...] security implications. Question 1 at the end of this chapter will test you on this. 

Outcome 2: Managing networks 

[...] fashion to provide high availability [...]. Question 2 at the end of this chapter will 
test you on this. 

Outcome 3: [...] 

[...] and devise, implement and monitor security policy. Question [...] at the end of this 
chapter will test you on this. 

How will you be assessed on this? 

The subject matter of this chapter is [...]. As time is often tight in modules and 
resources are limited, it is likely your assessor will ask [...] the practical aspects. Such 
topics as backup and security lend themselves very well to exams and TCTs. 


Section 1: Creating users and groups 

[...] the creation of fictitious user [...] 

Creating users and groups 

When establishing a UNIX system for [...], consideration must be given to groups and 
their members. Most organisations have distinct groups (e.g. [...]) that naturally form 
UNIX groups [...] access to the purchase order system. [...] to inform the systems 
administrator, who [...] should be kept by the systems [...] accounts to be created each 
September. [...] 

Control must be exercised over the creation of users. Creating users in an ad hoc 
fashion may well compromise the system. 

Management of users 

[...] users, therefore, tends to fall into one of two categories: 

• normal user management; and 

• exceptional user management. 

[...] breaches and should be [...] if the user doesn't log out when leaving for lunch [...]. 
[...] in UNIX [...] administrative tools, they are [...]. Occasionally, a user will [...] 
groups using the chgrp command (see Chapter [...]). [...] good user [...] to keep the 
system healthy [...] dependent upon [...]. 

Quick test 

Briefly discuss the issues involved in user management. 
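As an added example that is not part of the book, two checks an administrator can run over the account database so that accounts created outside the agreed procedure are noticed, which is the control over user creation the section asks for. The passwd and group records, the account and group names and the function names are all constructed for the demonstration; pointing the functions at /etc/passwd and /etc/group runs them for real.

```shell
#!/bin/sh
# Added example (not from the book): checks over the account database so that
# ad hoc user creation is noticed. The passwd and group records below are
# constructed; use /etc/passwd and /etc/group on a real system.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/ksh
phil:x:1001:50:Phil Irving:/home/phil:/bin/ksh
fin01:x:1002:60:Finance clerk:/home/fin01:/bin/ksh
tmpacct:x:0:60:temporary account:/tmp:/bin/sh
leaver:x:1003:99:Left last term:/home/leaver:/bin/ksh'

SAMPLE_GROUP='root:x:0:
staff:x:50:phil
finance:x:60:fin01,tmpacct'

# write_samples DIR: materialise the constructed records as files so the checks
# can be exercised without touching the real system.
write_samples() {
    printf '%s\n' "$SAMPLE_PASSWD" > "$1/passwd"
    printf '%s\n' "$SAMPLE_GROUP" > "$1/group"
}

# extra_superusers PASSWD: accounts other than root whose UID is 0. Each one is
# a second root login and must be explained or removed.
extra_superusers() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# users_without_group PASSWD GROUP: accounts whose primary GID has no entry in
# the group file, typically the trace of an account created by hand rather than
# through the agreed procedure.
users_without_group() {
    awk -F: 'NR == FNR { known[$3] = 1; next }
             !($4 in known) { print $1 }' "$2" "$1"
}

# group_members GROUP NAME: the explicit member list of one group, one name per
# line, for comparing against who the group's owner says should be in it.
group_members() {
    awk -F: -v g="$2" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1"
}

if [ "${1-}" = "--demo" ]; then
    d=$(mktemp -d) && write_samples "$d"
    echo "Extra UID 0 accounts:";            extra_superusers "$d/passwd"
    echo "Accounts with no matching group:"; users_without_group "$d/passwd" "$d/group"
    echo "Members of finance:";              group_members "$d/group" finance
    rm -rf "$d"
fi
```

Run weekly from cron and diffed against the previous run, the output of these checks is a simple record of who created which account and when, which is what the systems administrator is asked to keep.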


Section 2: Managing networks 

[...] is only the beginning: the [...] monitoring [...] resource usage [...] functionality 
through the continuous [...]. 

Estimating resource usage 

[...] of network management. The goals [...] use these trends to plan future [...] of the 
network and to [...] trends accurately and to provide a benchmark for resolving problems. 
It is important to measure the network and its performance immediately after 
installation; this is known as 'baselining'. This process ideally measures the [...] 
network's response time at each user's machine. Only when this information has been 
[...] can meaningful comparisons be made if users complain of the network's performance. 

The system must be baselined. If not, there will be nothing to measure current 
performance against. 

[...] disk filing system [...]. These can be [...] with the following commands: 

df 
du 


Filesystem      kbytes     used    avail  capacity  Mounted on 
/dev/staff1      17415    10900     6515       62%  / 
/dev/staff2      20300    11000     9300       54%  /usr 

Figure 10.1: Sample df output 


$ du | more 
2       ./.wastebasket 
16      ./.cetables 
2       ./.logs 
2       ./.tt 
46      ./sql/osaass 
236     ./sql 
2       ./.netscape/cache 
264     ./.netscape 
2       ./bupdir 
6       ./copydir 
6       ./BUPDIR 
16      ./mydir 
6       ./COPYDIR 
130     ./Java 
2       ./bin 
1026    ./soar6 
--More-- 

Figure 10.2: Sample du output 


Both these commands provide essential [...]. This is especially true if /tmp becomes 
full, as all UNIX applications use this as a scratch [...]. [...] should be undertaken if 
there [...] the system is essential if problems [...]. The /tmp directory normally only 
contains temporary [...] and it is the only directory from which the [...]; other directories 
contain essential system files and should not be deleted. Applications also usually have 
directories that grow; for instance, an accounting package will have a [...], and the 
contents of this directory will grow as each transaction [...] is [...] and [...] removed. 

Measurements should be taken regularly and be recorded. The exact frequency [...] 
quotas imposed on users, but once [...] is normally sufficient [...] prior to any software 
installation or [...]. Responsibility for the maintenance of the filing system should not be 
the responsibility of all [...] encountered. Instead, [...] should be made responsible for 
[...] filing systems and they [...]. Administrators can set a disk quota for each user that 
[...]. 

[...] the networked system to ensure it continues to meet the organisation's needs. 
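An added example, not from the book, of turning df output into the warning the paragraphs above call for (a filesystem such as /tmp filling up) and of comparing today's figures with the baseline recorded after installation. The two df captures are constructed in the layout of Figure 10.1 with an extra /tmp line; the thresholds and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the book): warn before a filesystem such as /tmp
# fills up, and compare current usage with the baseline taken after
# installation. Both df captures below are constructed in the layout of
# Figure 10.1; thresholds and function names are assumptions.

# Constructed capture taken "immediately after installation" (the baseline).
SAMPLE_DF_BASELINE='Filesystem   kbytes    used   avail capacity  Mounted on
/dev/staff1   17415    9900    7515      57%  /
/dev/staff2   20300   10800    9500      53%  /usr
/dev/tmp0      8192    1200    6992      15%  /tmp'

# Constructed capture taken later, standing in for today's `df -k`.
SAMPLE_DF='Filesystem   kbytes    used   avail capacity  Mounted on
/dev/staff1   17415   10900    6515      62%  /
/dev/staff2   20300   11000    9300      54%  /usr
/dev/tmp0      8192    7700     492      94%  /tmp'

# full_filesystems LIMIT: mount points at or above LIMIT percent, from df text
# on stdin. The header is skipped and the % sign stripped before comparing.
full_filesystems() {
    awk -v limit="$1" 'NR > 1 {
        pct = $5; sub(/%/, "", pct)
        if (pct + 0 >= limit + 0) print $6, pct "%"
    }'
}

# used_growth BASELINE CURRENT: growth of the "used" column (kbytes) for every
# mount point present in both df captures, printed as "MOUNT DELTA".
used_growth() {
    awk 'NR == FNR { if (FNR > 1) base[$6] = $3; next }
         FNR > 1 && ($6 in base) { print $6, $3 - base[$6] }' "$1" "$2"
}

# disk_report LIMIT BASELINE CURRENT: both checks as an operator would run them
# against a saved baseline and a file holding today's df -k output.
disk_report() {
    echo "Filesystems at or above $1%:"
    full_filesystems "$1" < "$3"
    echo "Growth in used kbytes since baseline:"
    used_growth "$2" "$3"
}

if [ "${1-}" = "--demo" ]; then
    d=$(mktemp -d)
    printf '%s\n' "$SAMPLE_DF_BASELINE" > "$d/baseline"
    printf '%s\n' "$SAMPLE_DF" > "$d/now"
    disk_report 90 "$d/baseline" "$d/now"
    rm -rf "$d"
fi
```

The growth figure is the more useful of the two over time: a /tmp that has gained 6500 kbytes since the baseline is worth a look well before it reaches a fixed percentage, which is the point of recording measurements regularly.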


Managing systems: backup 

[...] and the following [...] are frequently [...]: 

[...] backup; 
[...] backup; 
[...] backup; 
[...] backup; 
[...] backup. 

This is not a misprint - it [...]. [...] administrators must realise [...] data. When [...] 
the chance [...] in the [...]. [...] Backups cannot be [...]; the answer is 'very little'. [...] 
It should be made someone's responsibility [...] his or her job description to take [...], 
and someone else's responsibility [...] they are taking place. If not, the [...] everyone 
under[...]. 

Backup now complete, what next? 

[...] may well have been [...] at the [...]. The only way a backup [...] restore all the 
files. [...] the original files will be corrupted. 

If the organisation does not have a 'spare' computer, it is best to write a script that 
places a copy of a master text file around the filing system in predetermined locations 
(usually around mission critical data - both before and after it). The backup should then 
be taken and these text files removed from the computer. An attempt should then be 
made to restore the files from the backup and compare them to the master. If the copies 
verify OK, there is a high probability the backup will be OK. If not, another backup should 
be made immediately on another tape. 

Backups can be made easily on UNIX using either the tar or cpio commands. The tar 
command normally has the following syntax: 


tar -cvf /dev/rmt0     for backup 
tar -tvf /dev/rmt0     for tape listing 
tar -xvf /dev/rmt0     for the extraction of files 


Figure 10.3 shows tar being used to create a backup, to list the contents of the backup 
and, finally, to restore two files. 

$ tar -cvf backdir/bup date*.* 
a date.txt 1K 
a date2.txt 1K 
$ tar -tvf backdir/bup 
tar: blocksize=6 
-rw-r--r-- 1069/10   34 Apr 26 11:34 1999 date.txt 
-rw-r--r-- 1069/10   34 Apr 26 11:34 1999 date2.txt 
$ rm da*.* 
$ ls -l da*.* 
da*.*: No such file or directory 
$ tar -xvf backdir/bup date.txt 
tar: blocksize=6 
x date.txt, 34 bytes, 1 tape blocks 
$ tar -xvf backdir/bup date2.txt 
tar: blocksize=6 
x date2.txt, 34 bytes, 1 tape blocks 
$ 

Figure 10.3: Sample tar output 

Further details can be obtained from the manual entries of tar. Users should be wary 
that tar could corrupt certain types of files (only the backup copy is corrupt). These 
include ORACLE databases, which must either be exported (an ORACLE command) prior 
to backup or must be backed up using cpio (which does not corrupt). 




Backups must be tested regularly to prove the data can be restored. 
Types of backup 

There are three main backup techniques, and the selection of the most appropriate 
technique is just as important as selecting the right backup device. 


Full 

Performing a full backup on a frequent basis is usually the best way of protecting 
the system. This involves taking a copy of all the data, applications and systems files 
(including the operating system) and storing these to tape. Everything on the system is 
copied to tape, which requires a backup device with a large storage capacity. Because 
of the volume of information being stored, this type of backup takes the longest to 
perform. Should the organisation need 24-hour access to its data, this kind of backup 
can be disruptive. However, because all the information is on one backup set, this type 
of backup is the quickest way of restoring the system. 

Full backups are perhaps easiest in UNIX and can be achieved simply by using the 
standard tar command: tar -cvf /dev/rmt0. 


Incremental 

Incremental backups are used to cut down the time taken for a full backup. Using this 
method, a full backup is taken and then the first incremental backup copies only the files 
modified (be they system or data files) since the full backup. The second incremental 
backup copies only those files (system or data) modified since the first incremental 
backup, and so on. This drastically cuts down on the time taken to back up, but can 
lead to a complex chain of tapes as each tape contains only files modified since the last 
backup. This means it would take a lot longer to restore the files and that the backup is 
dependent upon more tapes, which increases the probability of failure. 

To make an incremental backup in UNIX, we need to 'find' the appropriate files and use 
this list to perform the backup. The find command in UNIX finds all the files that have 
been modified today: find / -mtime -1 ! -type d -print. This command will find all files 
starting from the root directory (/). The ! means not and the -type d means directory. 
Thus it will not find directories, as not everything in the directory will have changed. 

UNIX permits command substitution, which allows a user to use a command in place of 
a string or a variable. This is achieved using the ` quotes (backquotes), usually located at 
the top left of the keyboard. Thus the above command can be incorporated into the tar 
command: tar -cvf /dev/rmt0 `find / -mtime -1 ! -type d -print`, giving a list of modified 
files to be backed up. 


Differential 


Differential backup is really a compromise between the previous two backup techniques. 
With differential backup, a full backup is taken and then subsequent differential 
backups. Each differential backup copies all files modified since the last full backup. 
This affords a higher level of protection than incremental backups, but not as high as 
a full backup. It also takes longer to back up than an incremental backup, but less time 
than a full backup. Finally, it takes longer to restore than a full backup but not as long as 
an incremental backup. 


Differential backups in UNIX require a slightly different version of the find command. 
When the full backup is taken, the systems administrator creates a file (e.g. /tmp/ 
lastbackup) that would have the date and time of the backup contained within it. The 
above command could then be modified to search for files that are newer than this: 
tar -cvf /dev/rmt0 `find * -newer /tmp/lastbackup ! -type d -print`. Thus all the files 
that have been modified since the date of the /tmp/lastbackup file will be archived. 
The date and time of the /tmp/lastbackup file can be easily modified using the touch 
command: touch /tmp/lastbackup. 
The time taken to restore is of the utmost importance [...]. Normal backups should 
[...] recommended unless there are compelling reasons not to do so. 

Backup cycles 

Introduction 

Tapes must be used in accordance with the manufacturer's guidelines (in terms of 
heat, humidity and acclimatisation). The manufacturers issue instructions with tapes 
detailing [...] their use, which must be adhered to. The [...] tapes should be used 
frequently and to a similar extent. Tapes stretch [...] should ensure each tape is used a 
similar number of times. [...] below that allow for the efficient cycling of tapes (the 
second affords a high level of protection, assuming a full backup is taken every night). 

Grandfather/father/son 

[...] effective backup cycles. The first tape [...]. Thus there is a whole generation of 
backups [...] days ago can be recovered. As computer systems become [...], they may 
[...] noticed in three days. For example, consider [...] a lost file; it is too late to recover it 
using this method of cycling. [...] organisations have adopted more complex strategies 
for cycling. 

Four-week cycle 

This method preserves each week's [...] for four weeks. Full backups are taken on 
separate tape sets every [...]. The last working day's tape is kept and [...] repeated for 
week two to week four. In week [...] backup [...]. [...] four-weekly backups - this would 
underuse them and so they could fail. 

[...] should be kept for a 'reasonable' time. The definition of reasonable will 
depend upon the organisation. 
Additional considerations 

The following should also be considered when undertaking backups: 

• Replace tapes regularly (the purchase date should be written on the tape, together 
with a tally of the number of times used). 

• Upon receiving any errors, the tape should be replaced immediately. 

• Clean the drive regularly, following the manufacturer's instructions. 

• Always store tapes offsite in a fireproof safe. 

Quick test 

Discuss the major management issues a systems administrator should attend to. 


Section 3: Disaster recovery planning 

Introduction 

Almost all organisations are critically dependent upon access to their data and are usually 
unable to function without access to it. For such organisations, the use of IT systems for 
data storage can be both a lifeline and a threat. Consider a credit card company whose 
premises have burnt to the ground. With copies of their data stored offsite and access 
to a similar IT system, the company would be able to operate as normal within a very 
short space of time. However, if the reverse were true - the company had access to its 
premises but had lost access to its data, they would be highly unlikely to survive. 

Almost all organisations will have insurance policies and hardware maintenance 
contracts, but what neither usually provides is a solution from the equipment being 
lost until the replacement arrives or repair is undertaken - that is the role of Disaster 
Recovery Planning. 

Backups 

Disaster recovery planning is crucially dependent upon backups - if you don't have 
up-to-date backups, then there will be nothing to restore on the replacement computers or 
in the alternate premises. You must make sure that: 

1. you have current backups; 

2. they are stored securely off-site, preferably in a fireproof safe; 

3. the backups have been thoroughly tested; 

4. software disks/licences are also stored securely off site. 


Disasters 

Disasters in this context means anything that prevents the organisation from being able 
to access its data and can include security breaches, Denial of Service (DoS) attacks as 
well as the usual fire, theft and flood. Figure 10.4 summarises the leading causes of data 
loss. 


Hardware or System Malfunction                 44% 
Human Error                                    32% 
Software Corruption or Program Malfunction     14% 
Computer Viruses                                7% 
Natural Disasters                               3% 

Figure 10.4: Leading causes of data loss 
(source: Ontrack Data Recovery) 

You cannot prevent disasters from happening, but you can carry out risk assessment, 
minimise the risks and adequately plan for disaster recovery. 
Risk assessment 

Risk assessment is the process of identifying risks that your organisation faces. There are 
generally two methods of risk assessment, which are complementary: 

1. An objective survey of the organisation to identify any risks. 

2. A brainstorming session with key individuals. 

When carrying out risk assessment it is important to identify as many risks as you 
can; encourage 'thinking outside the box' when brainstorming. Don't forget to think 
of internal risks as well as external - most computer fraud (around 2/3) is committed 
by employees. Once the risks have been identified, they need to be prioritised. This is 
known as exposure and is obtained by multiplying the value of a risk by its likelihood 
of occurrence. By minimising the risk you reduce your exposure. Figure 10.5 shows an 
example of risk assessment. 


Example of risk assessment/minimisation 

You have an expensive mountain bike and decide to leave it unlocked in a particularly 
nasty neighbourhood, where it is almost certain to be stolen. The bike is worth £1,000 
and you are 99% (.99 probability) certain it will be stolen. Your exposure is £1,000 x 
.99 = £990. Suppose you add a very expensive lock that will protect the whole bike, 
you estimate that this will reduce the risk of theft to 50% (.5 probability). You have 
reduced your exposure to £500. By not leaving the bike in that neighbourhood and 
using the lock you reduce the chance of theft to 10% (.1 probability). Your exposure 
is now £100. You could of course insure your bike and pass on the risk, but what 
would you do in between your bike being stolen and it being replaced? 


Figure 10.5: An example of risk assessment 

Planning 

Disaster recovery planning is about planning for business continuity in the event of a 
disaster and hoping it never happens. Most auditors now like to see that the organisation 
has thought about disaster recovery planning and will often ask to see your disaster 
recovery plan. 

The essence of disaster recovery planning is to identify whether disasters will: 

• stop you using your premises; 

• stop you accessing your data; or 

• stop you using your hardware. 

For example, the car bomb that struck Commercial Union London in 1992 blew out all 
of the windows in their tower block. This rendered the building unusable but, because 
they had multiple data links, they were still able to access data remotely and, using a 
register of unused space in branch offices, were able to open for business as usual on 
Monday following the blast the previous Friday. 

In order to effectively plan for disasters you need to identify what you would do in each 
of the situations. There are a number of options, which are briefly described below: 

Self-protection 

Large organisations with multiple premises may well be able to protect themselves. 
Consider a university with a number of different buildings spread across a city using PCs 
and UNIX machines. If disaster struck one of the key business units, for example finance, 
[...] the data was intact, the finance department could relocate into one of the 
[...] rooms [...] if the department had made arrangements to take over [...] 
UNIX machine and the lab. In times of disaster, it could move into the classroom, load the 
data, organise the telephones and be 'open for business' relatively quickly. Disruption 
to classes could be handled either by using spare capacity in other labs or, at worst, 
altering the working hours of finance to work when the class was empty. 

Smaller organisations may well be able to achieve this too - a small accountancy or law 
practice may be able to easily work out of a home. 

In the case of network self-protection, you may wish to keep spare kit or spread 
connections so that if, say, a switch fails, you can move all of the connections to spare 
[...] from a [...]. [...] wireless [...] could prove [...] in covering [...]. 


Whilst self-protection seems relatively straightforward, you must plan for it. You 
must also make sure that you have the expertise available to make it possible - if 
your support team isn't available, how will you make the move? 






Mutual protection 

Mutual protection is where two or more organisations enter into an agreement to offer 
[...] organisations that are not in competition with each other, for example [...]. 

If you think this type of plan may be suitable, you should carefully draft a legal 
agreement. All parties should also monitor relevant changes with the other parties, for 
example changes of equipment, available space, changes of management, etc. Overall 
the parties should ask themselves: 'Am I prepared to stake my organisation on this?' 

Commercial plans 

There are a number of companies who offer commercial plans for disaster recovery, 
[...] machine and provide you with remote access, up to a 'white room' service. A white 
room is an unused room complete with all computer equipment, desks, chairs, telephones - 
everything an organisation would need to carry on business should disaster strike. 
[...] by truck and set up in the [...]. 

[...] price [...] according to the service you want. In between, companies [...] the loan of 
a machine (for a specified time) or perhaps [...] a technical team to help you get up and 
running again. 

Factors that should be considered when entering into a commercial agreement are: 

• Types of computers the company use - are they compatible with your own and will 
you be able to simply use them without any specialist training? 

• The ratio of computers kept to the number of clients the company has - a company 
keeping [...] option than a [...]. 

• Ability to upgrade the plan in times of disaster - if disaster strikes and your technical 
team aren't available, will you be able to upgrade [...]? 
• The length of the loan of equipment - will it be long enough for you to process the 
insurance claim and to cover the lead times with your kit? 

• The expertise available in the company - will it meet your needs? 

• Testimonials from those who have suffered disaster and used the company's 
service. 

• Financial stability of the company. 

• Lead time before the company will have you back up and running. 

• Clauses allowing you to test their services. 

Testing your disaster recovery plan 

Auditors may be happy that you have a disaster recovery plan in place, but will it actually 
work if disaster strikes? Having gone so far down the line most organisations are now 
worried and want assurances that it will work. The only way to convince yourself of this 
is to simulate a disaster and try out your plan. For example, pretend that your system has 
gone down or that disaster has struck and try moving to your white room and recover 
the operation. Most disaster recovery companies will allow you to test out their services, 
but there will obviously be a charge for this. 



Never try simulating a disaster by deleting data from your system - if your plans 
don't work, you may well have a real disaster on your hands! 



All disaster recovery plans are critically dependent upon planning, backups and keeping the plans up to date. Make sure that you plan everything:

• Keeping an up-to-date telephone directory (copy off site!), which includes a means of contacting your key members of staff wherever they are.

• Taking regular backups and keeping them off-site.

• Monitoring your disaster recovery plans and keeping them under contract and up to date.

• Monitoring the health of your disaster recovery provider.

• Regularly testing your backups - a backup that has never been restored is a hope, not a plan.

• Testing your disaster recovery plans.



Remember we all have a part to play in this - if the organisation goes down, we will 
lose our jobs and perhaps our lifestyle. 
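The 'regularly testing your backups' item is the one most often skipped, so here is what a non-destructive test looks like in practice. This is an added example, not code from the book: it backs up a small constructed directory, records a manifest of SHA-256 digests to keep with the archive, and then restores the archive into a scratch directory and compares every file against the manifest. Nothing is deleted from the live data, in keeping with the warning above.

```python
"""Non-destructive backup test (added example, not from the textbook).

Back up a directory to a tar.gz, keep a manifest of SHA-256 digests with it,
then prove the backup is usable by restoring it into a scratch directory and
comparing every file against the manifest. Live data is never written to.
All paths and sample files below are constructed for the demonstration."""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Relative file path -> SHA-256 for every regular file under root."""
    return {str(p.relative_to(root)).replace("\\", "/"): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def take_backup(source: Path, archive: Path) -> dict:
    """Write the archive and return the manifest to store alongside it (off site!)."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return build_manifest(source)


def verify_backup(archive: Path, manifest: dict) -> list:
    """Restore into a throwaway directory and list anything missing, corrupt or unexpected."""
    # Python >= 3.12 (and patched 3.8+) can refuse archive members that would
    # escape the target directory ('../etc/passwd'); use that filter when present.
    extract_kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            tar.extractall(scratch, **extract_kwargs)
        restored = build_manifest(Path(scratch))
        for rel, digest in manifest.items():
            if rel not in restored:
                problems.append(f"missing: {rel}")
            elif restored[rel] != digest:
                problems.append(f"corrupt: {rel}")
        problems.extend(f"unexpected: {rel}" for rel in restored if rel not in manifest)
    return problems


def demo() -> tuple:
    """Back up constructed sample data, verify it, then show a failing verification."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "data")
        (src / "sub").mkdir(parents=True)
        (src / "orders.csv").write_text("id,amount\n1,99.50\n")   # constructed sample
        (src / "sub" / "staff.txt").write_text("Alice\nBob\n")      # constructed sample
        archive = Path(work, "backup.tgz")
        manifest = take_backup(src, archive)
        good = verify_backup(archive, manifest)          # expect no problems
        # A backup that does not match its manifest (here: the data changed after the
        # manifest was recorded) must be reported, not trusted.
        (src / "orders.csv").write_text("id,amount\n1,0.00\n")
        with tarfile.open(archive, "w:gz") as tar:
            tar.add(src, arcname=".")
        bad = verify_backup(archive, manifest)
    return good, bad


if __name__ == "__main__":
    ok, failed = demo()
    print("first verification:", ok or "all files match the manifest")
    print("second verification:", failed)
```

Run the check against the media you actually store off site, not against the copy still on the server. The second verification in demo() shows the kind of failure (archive contents no longer matching the recorded manifest) that a restore test exists to catch; the extraction filter is there because a tar member named ../something would otherwise be written outside the scratch directory.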


Quick Test 

Briefly name and discuss the various types of disaster recovery plans available. 

Virus protection 

Computer viruses are yet another threat to networks and systems. Unfortunately, the development of networks and email means they can spread far more quickly than they could by floppy disk. The security policy must deal with the threat of computer viruses, which can lead either to a denial of service or can be used to open a 'back door' into the system. With viruses, prevention is definitely better than cure. Protecting the system from viruses involves educating the end-users in the need to be aware of the risks of computer viruses and how they are spread. The organisation's policy must aim to minimise the threat of viruses, and the users must work to this policy, either by choice or by force - but the former is more acceptable! Such a policy must:

• regulate the use of floppy disks and CD-ROMs in the organisation; 

• control the sending and receiving of email attachments; 

• control downloads from the web; 

• control the installation of software; 

• ensure that every machine has a reputable virus checker installed;

• ensure that each machine's virus checker, and in particular its signature database, is updated regularly with the latest releases from the manufacturer.

Users should be discouraged from using CD-ROMs or floppy disks unless they can demonstrate a need and the disks have been virus checked. Some organisations make unauthorised use a disciplinary offence. Sending and, particularly, receiving email attachments should be discouraged unless absolutely necessary. Even when necessary, these attachments should be sent in a zipped form rather than as executables. This makes virus checking on the receiving machine easier - provided the archive is not password-protected, since a scanner cannot look inside an encrypted archive and such an attachment should be treated as unchecked. Remember, plain text cannot run - it is the attachments (executables, scripts and documents carrying macros) that cause the problems, and a file's name is no guarantee of its contents. Downloads from the web are extremely dangerous and users should be discouraged from downloading (and certainly installing) software and files. Indeed, the only software that can be safely installed is shrink-wrapped software from a trusted manufacturer or supplier. Each machine should have a reputable, up-to-date virus checker installed, and this must be kept up to date with the latest releases from the manufacturer.

The network operating system also needs to be chosen carefully. A system that offers a high degree of security (with separate logins for each user) and grants administration rights to the administrator only will go a long way to protecting itself. Should a virus somehow sneak into the system, under such conditions it should not easily be able to infect either other users' files or the operating system itself, because it runs with only the privileges of the user who let it in. Regular system backups must be taken and several generations should be kept - restoring yesterday's infected file is of little use, but last week's out-of-date uninfected file is of use. These backups should be on external media that can be removed from the system and stored safely. Again, the anti-virus policy must be continuously monitored and updated if it is to remain effective.
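How an attachment policy of the kind described above might be enforced at the mail gateway, as an added example (not from the book or from any product): the check decides whether an attachment is executable from its content, not only its name, and looks inside zip archives, treating an encrypted member as unscannable and therefore blocked. The sample attachments and the archive built by build_sample_zip() are constructed for the demonstration.

```python
"""Attachment policy check (added example, not from the textbook).

Decides from content, not just the file name, whether an e-mail attachment is
executable, and looks inside zip archives, since an archive that the scanner
cannot open (encrypted) is no safer than a bare executable. Sample data is
constructed in build_sample_zip()."""
import io
import zipfile

EXECUTABLE_EXTENSIONS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js")


def looks_executable(name: str, data: bytes) -> bool:
    """Content first: every Windows executable starts with 'MZ', whatever it is
    called. Then the extension, which catches scripts and 'report.txt.exe' tricks."""
    return data[:2] == b"MZ" or name.lower().endswith(EXECUTABLE_EXTENSIONS)


def check_attachment(name: str, data: bytes) -> list:
    """Return a list of policy findings for one attachment; an empty list means 'allow'."""
    findings = []
    if looks_executable(name, data):
        findings.append(f"{name}: executable content - block")
    if data[:4] == b"PK\x03\x04":   # zip local-file-header signature
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:   # encrypted member: the scanner cannot look inside
                        findings.append(f"{name}/{info.filename}: encrypted, cannot be scanned - block")
                    elif not info.is_dir() and looks_executable(info.filename, zf.read(info)):
                        findings.append(f"{name}/{info.filename}: executable inside archive - block")
        except zipfile.BadZipFile:
            findings.append(f"{name}: has a zip signature but is malformed - block")
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: one harmless text file and one disguised executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", "Minutes of the meeting\n")
        zf.writestr("invoice.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {                                      # all constructed
        "minutes.txt": b"Agenda for Monday\n",       # plain text: nothing to run
        "photo.jpg": b"MZ\x90\x00\x03\x00",          # renamed executable
        "docs.zip": build_sample_zip(),
    }
    for attachment, content in samples.items():
        print(attachment, "->", check_attachment(attachment, content) or ["allow"])
```

The content check is what the text's 'zipped rather than executable' advice relies on: the gateway can only help if it can actually open the archive and look at what is inside, which is why an encrypted member is treated as a block rather than a pass.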



Viruses are a real threat to organisations. Good administration is essential to 
minimise this threat. 


Quick test

... in an organisation's security and anti-virus policy.
Section 4: End of chapter assessment

Questions

1. ...

2. Briefly discuss the major tasks involved in managing a network and the importance ...

3. Briefly discuss the process of risk assessment and disaster recovery planning, stating why it is a necessary practice for most organisations.

Answers

1. This question is in two parts - the first ... user creation and the second the control of that creation. For the first part, you need to discuss how ... on a UNIX system, outlining the various steps ... a group and to allocate the user to a group ... adding/deleting ... the key to accessing the system and that ... (and outline) an administrative ...

2. To answer this question you need to discuss briefly the task and its importance in aiding the smooth operation ... discuss the various options available and, if ... the best methods to back up systems and data.

3. To answer this question, you ... identify the options available. Ideally, you should discuss briefly ... the assessor of the need to ... shows a greater understanding of the problem.

Section 5: Further reading and research

Afzal, A. (2002) UNIX Unbounded: A Beginning Approach. Prentice Hall. ISBN ...

Cisco Networking Academy Program (2004) CCNA 1 and 2 Companion Guide (3rd edn). Cisco Press. ISBN: 1 58713 150 1. Chapters 8 and 28.

For Linux, see www.fedora.redhat.com
Chapter 11

Connecting to the outside world 


Chapter summary 

This chapter provides an overview of networking by illustrating how all the 
equipment works together in order to provide connectivity. Since the Internet is a 
hot topic at the moment, it outlines how a request for a web page is generated on 
a PC and handled by the network. 

Learning outcomes 

After studying this chapter you should aim to test your achievement of the following 
outcomes. You should be able to: 

Outcome 1: Types of Internet connections 

Understand the differences between the main types of Internet connections and be 
able to select the most appropriate for a particular situation. Question 1 at the end 
of this chapter will test you on this. 

Outcome 2: The Internet (TCP/IP) case study 

Understand how the Internet operates when requesting and receiving web pages. 
Question 2 at the end of this chapter will test you on this. 

How will you be assessed on this? 

Knowing how connection to the Internet and how data travels in the form packets 
and frames (crossing internal networks and the Internet) will give you the 'big 
picture' of how networks operate. Even if this is not assessed directly, it will deepen 
your understanding, which will come through in any assessment you undertake. In 
a practical assessment, you could be asked to recommend an Internet connection 
for a given company. You could also be asked in an exam to discuss how connection 
to the Internet can be achieved and how data is exchanged. You can, of course, 
weave the content of this chapter into most of your answers for extra marks. 


Section 1: Types of Internet connections 

Currently there are only two possible ways to connect to the Internet: dial-up lines and 
local area networks. For the purposes of this chapter, ADSL and cable are considered 
to be LAN connections, although the chapter does explain briefly how ADSL and cable 
work. 

Dial-up connection 

Most people are familiar with this method of connecting to the Internet and it is still by far the most popular, with more than 50% of users still connecting in this fashion. Dial-up connection involves the use of a pair of modems and a telephone line. The modems convert the digital computer signals into analogue signals that are suitable for transmission over the telephone network. Another modem at the other end converts them back. The computer talks to the ISP over this serial link using the Point-to-Point Protocol (PPP), which is available through virtually all ISPs. Once at the ISP's premises, the data is transferred on to its LAN and begins its journey to the Internet. The telephone line used is often referred to as the plain old telephone service, or POTS for short. Typically, modems provide 33.6 kbps upload speed and 56 kbps download speed.
Asymmetric digital subscriber line (ADSL) uses existing telephone lines, so a connection to the Internet can be provided using spare bandwidth on the conventional telephone line. Quite simply, this is achieved by dividing the bandwidth of the line into channels, in a similar way to the way the radio spectrum for TV/radio broadcasts is divided (see Figure 11.1). Technically, this is known as frequency division multiplexing (FDM). In the case of ADSL, a small frequency range is allocated to the telephone service and a second, larger frequency range to the data connection to the Internet, with more of that range given to the downstream (Internet to user) direction than to the upstream ...

Figure 11.1: ADSL channels (frequency along the horizontal axis)

ADSL is ideally suited to home use, where far more is downloaded than uploaded; for a web server, which sends far more than it receives, ADSL would not be so suitable. There will be a ... in speed when downloading a file compared with uploading one.

DSL technology has been a godsend to the telephone companies as it has allowed ... seem likely to develop in the coming decade, delivering an even higher bandwidth that will increase as technology develops.

Cable modems

Many parts of the country have now been cabled ... cable TV systems. In most parts of the UK the cable companies ... integrated cable modems ... Mbps connection, and they can tailor its ... to provide a faster downstream than upstream. A web-hosting company would probably want the connection the other way around.

Like DSL, cable modems provide a permanent connection: the modem is always on, and when the computer is on, it is connected. ... provide an extended Ethernet network over ... with a ... of up to 100 .... It is therefore not unusual to see a cable box with a dedicated Ethernet port at the rear.

ISDN

Integrated Services Digital Network (ISDN) ... is provided with two digital telephone lines. In ... connection is ...
Figure 11.2: Broadband via satellite (courtesy of Silvermead)

This type of technology is probably most suitable for those who can't receive broadband services because of their location - remember, ADSL requires technology to be added to telephone exchanges, which could take quite some time in rural areas. Also, some subscribers are too far from their exchange to have ADSL. As shown in Figure 11.2, this technology uses the existing telephone line to send a request, say, for a web page to the ISP. The ISP then retrieves the page from the Internet at high speed and returns it via the satellite to the user. This should happen as quickly as conventional broadband services. The technology requires a satellite modem and a modification to a conventional satellite receiver. The main disadvantage of this technology is that it ties up a conventional telephone line. Other than that, as a service it is virtually identical to broadband - around 33 kbps outbound and around 0.5 Mbps inbound.


Private wire

Organisations such as web-hosting companies, large institutions, e-commerce sites and universities that require a very high-speed connection to the Internet can connect using private wires. These are private dedicated connections from the organisation to its ISP, usually using fibre optic cabling. Using technologies such as ATM (see Chapter 5), this link can be as fast as 1 Gbps (providing the receiving ISP can handle it), but it is very expensive.


Mobile connections

Mobile connections provide a means of connecting to the Internet using the mobile phone network. Although this has been possible for a number of years, the connection speeds were slow (around 9.6 kbps). Third generation (3G) mobile networks are changing that, providing a connection speed of up to 384 kbps inbound (almost 7 times faster than standard dial-up - remember, early broadband was 128 kbps) and 64 kbps outbound using a 3G data card (Figure 11.3).

Figure 11.3: A 3G data card (connects into a laptop using a PCMCIA slot)
Section 2: The Internet (TCP/IP) case study

Throughout this book ... standards ...
Beginning the journey

Figure 11.5 represents an Internet connection.

Figure 11.5: An Internet connection. Labels in the figure: Proxy server 193.63.148.21 / 255.255.255.0; school network; Firewall; University of Glamorgan; Default gateway 193.63.148.254 / 255.255.255.0; University of Sunderland main router; DNS server; C & T network; osiris (University of Sunderland).

A PC at the University of Glamorgan is being used to view the home page of the School of Computing and Technology at the University of Sunderland (osiris.sunderland.ac.uk). Both networks are Ethernet. The URL is entered into the browser, which immediately asks the DNS server for the IP address of osiris.sunderland.ac.uk and retrieves 157.228.102.1. It does this by sending a DNS query (a UDP datagram to port 53) to the DNS server configured in the PC's network settings; the server replies with a unicast frame (to one machine only) containing the IP address. For our purposes it does not matter how the DNS server knows the address - very crudely, all DNS servers across the world talk to one another to update their tables.

The PC at Glamorgan now knows the address of osiris.sunderland.ac.uk as 157.228.102.1. It must next decide whether osiris is on its own network, and it does this by working out the network address (see Chapter 3) by logic: by ANDing the IP address and the subnet mask together. In binary, 255 is 11111111 - all bits are 1 in the byte. A bit set to 1 means 'compare'. Thus 255.255.255.0 means compare all bits of the first three bytes. The network portion of the PC's IP address is therefore 193.63.148 (the last byte is the host ID - the Glamorgan PC in this case). As 193.63.148 and 157.228.102 are not identical, the PC knows the machine it is looking for is not on the same network as itself.
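The ANDing just described, carried out in code as an added example (not from the book). The addresses are those of Figure 11.5; the 255.255.255.192 case at the end is an assumption of mine, added to show that the comparison is bit by bit, so a mask need not stop at a byte boundary as it happens to here.

```python
"""Same-network test as the PC performs it (added example, not from the textbook).

ANDs an address with its subnet mask to obtain the network address, then decides
whether a destination is on-link (ARP for the destination) or off-link (ARP for the
default gateway). Addresses are those of Figure 11.5; the 255.255.255.192 case is
an added assumption showing the AND works bit by bit, not just byte by byte."""


def dotted_to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def as_binary(addr: str) -> str:
    """Dotted address shown as four 8-bit groups, e.g. 11111111.11111111.11111111.00000000."""
    return ".".join(f"{int(o):08b}" for o in addr.split("."))


def network_of(addr: str, mask: str) -> str:
    """The network address: a 1 bit in the mask keeps that bit of the address, a 0 drops it."""
    return int_to_dotted(dotted_to_int(addr) & dotted_to_int(mask))


def next_hop(my_ip: str, my_mask: str, dst_ip: str, default_gateway: str) -> str:
    """The address the sender must ARP for and address the Ethernet frame to."""
    if network_of(my_ip, my_mask) == network_of(dst_ip, my_mask):
        return dst_ip            # same network: deliver directly
    return default_gateway       # different network: hand it to the router


if __name__ == "__main__":
    pc, mask, gateway = "193.63.148.21", "255.255.255.0", "193.63.148.254"
    osiris = "157.228.102.1"
    print(as_binary(pc), "AND")
    print(as_binary(mask), "=")
    print(as_binary(network_of(pc, mask)), "->", network_of(pc, mask))
    print("next hop for", osiris, "->", next_hop(pc, mask, osiris, gateway))
    print("next hop for 193.63.148.99 ->", next_hop(pc, mask, "193.63.148.99", gateway))
    # Assumed extra case: a mask that splits a byte still ANDs correctly.
    print("193.63.148.200 with mask 255.255.255.192 is on network",
          network_of("193.63.148.200", "255.255.255.192"))
```

The decision in next_hop() is the whole of the PC's routing: it never needs to know how to reach Sunderland, only whether the destination is local and, if not, where its default gateway is.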

The notion of subnetworking (or subnetting) is fundamental to networking and the Internet. Networks are divided to lessen the load on them. In Chapter 6 we saw that a bridge or switch can help control collisions, but they can't contain broadcasts - routers and subnets are for this. More information on subnetting is contained in Chapter 3.




The Glamorgan machine does not know what to do with the packet. However, it has been programmed to send such packets to the default gateway. Although the PC knows the IP address of the default gateway, it has no idea of the MAC address of the default gateway. To find the MAC address, it needs to resolve the IP address. It does this through a process known as Address Resolution Protocol (ARP). The machine broadcasts an Ethernet frame which asks the machine that has the IP address of 193.63.148.254 to reply with its MAC address. Every machine on the network receives this broadcast, but only the gateway router replies, as it knows that this is its own address, and it replies with a unicast frame. Unicasts are preferable to broadcasts as they use less bandwidth (they go to one machine only, not all the machines).
After accessing a web page, key in arp -a at your command prompt. You will see the ARP cache - a map of IP and MAC addresses.
Once it has the gateway's MAC address, the PC places the IP packet (which still carries osiris's IP address as its destination) inside an Ethernet frame addressed to the gateway's MAC address, and the frame begins its journey to the default gateway.

The proxy server

In the event the University of Glamorgan uses a proxy server, the browser will itself be configured to send the request to the proxy server rather than to osiris directly. The proxy checks whether it already holds a copy of the page; if it does, it can answer the request itself, and if not, it sends the request on ... to the default gateway.

The default gateway

If the proxy server and/or the PC don't know the whereabouts of a web page, the request is sent to the default gateway - the router. The router examines the destination IP address and looks it up in its routing table ... In our example, the University of Glamorgan's router does not know what to do with it and so sends it to its own default gateway - in this case, on to the Internet.

Firewall

A firewall can be compared with a customs post: people are allowed to pass through, but they may be subjected to a search to determine if they are carrying any secrets. A firewall does exactly the same thing with data. Data entering or exiting an organisation does so through ports (the door numbers in the analogy), which can be open or closed.

Commonly used port numbers are:

Port   Application
21     FTP
23     Telnet
25     SMTP
80     Web (HTTP)

Packets passing through the firewall may also be subjected to a search to see if they contain any data that isn't allowed under the organisation's security policy. If they do, they are dealt with severely - they are destroyed!



Firewalls are an important part of an organisation's security, but they do not meet 
all an organisation's needs - they should be part of a policy that includes routers 
and proxy servers. The policy should also recognise network users. Without such an 
integrated policy, firewalls are of little use. 
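A small model of the 'open and closed doors' idea, as an added example that is not from the book or from any firewall product: a first-match rule list over direction, protocol and destination port with a default deny at the end, plus the content search the text mentions, done here as a pattern match on the payload. The policy, the forbidden marking and the sample packets are all constructed for the demonstration.

```python
"""First-match packet filter with a default deny (added example, not from the textbook).

Models the 'open and closed doors' of the text as rules on direction, protocol and
destination port, plus the content search the text describes as a simple pattern
check on the payload. The policy, the pattern and the sample packets are all
constructed for the demonstration."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    direction: str           # "out", "in" or "any"
    proto: str               # "tcp", "udp" or "any"
    dst_port: Optional[int]  # None matches every port


@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    dst_port: int
    payload: bytes = b""


# Ports from the text; the last rule is the closed door for everything else.
POLICY = [
    Rule("allow", "out", "tcp", 80),   # web browsing
    Rule("allow", "out", "tcp", 21),   # FTP
    Rule("allow", "out", "tcp", 25),   # outgoing mail
    Rule("allow", "in", "tcp", 25),    # incoming mail to the mail server
    Rule("deny", "any", "tcp", 23),    # telnet closed in both directions
    Rule("deny", "any", "any", None),  # default deny
]

# Constructed example of 'data that isn't allowed out': a document marking.
FORBIDDEN = re.compile(rb"\bCOMPANY CONFIDENTIAL\b")


def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.direction in ("any", pkt.direction))
            and (rule.proto in ("any", pkt.proto))
            and (rule.dst_port is None or rule.dst_port == pkt.dst_port))


def decide(pkt: Packet, policy=POLICY) -> str:
    """'allow', 'deny', or 'deny (content)' when the door is open but the search fails."""
    for rule in policy:
        if matches(rule, pkt):
            if rule.action == "allow" and pkt.direction == "out" and FORBIDDEN.search(pkt.payload):
                return "deny (content)"
            return rule.action
    return "deny"   # no rule matched at all: still a closed door


if __name__ == "__main__":
    samples = [   # constructed
        Packet("out", "tcp", 80, b"GET / HTTP/1.1\r\nHost: osiris.sunderland.ac.uk\r\n"),
        Packet("out", "tcp", 23, b"login: admin"),
        Packet("in", "tcp", 80),
        Packet("out", "tcp", 25, b"Subject: COMPANY CONFIDENTIAL payroll figures"),
        Packet("out", "udp", 161),
    ]
    for p in samples:
        print(p.direction, p.proto, p.dst_port, "->", decide(p))
```

Rule order matters: an allow placed after the catch-all deny would never be reached, which is the most common mistake in hand-written rule sets. The content check runs only on traffic the port rules would otherwise allow, mirroring the order in the text: first the door, then the search.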


On to the Internet

If packets pass successfully through the firewall, they are ready to be placed on to the Internet. Almost certainly, the bandwidth of the organisation's Internet connection will be smaller than that of its LAN. Not all packets will fit on to such a limited link at once: the router queues them and, when its queue is full, discards some. TCP (transmission control protocol - see Chapter 4) waits for an acknowledgement from the recipient of the packets transmitted. In the event it does not receive one, it simply sends a replacement packet. Once on the Internet, the packets head toward huge routers with huge routing tables. When they arrive at these routers, their destination IP address is examined and, if the router knows the route the packet should take, it is forwarded along that route. If not, it is forwarded to that router's default gateway.

Often represented as a cloud (as in Figure 11.5), the Internet is a complex web of connections and routers. Two things make it reliable. First, TCP retransmits anything that is lost, so the end systems see a reliable stream even though individual IP packets may be dropped. Second, as the Internet is such a mass of connections, each has several backups. For example, there are satellite connections between the UK and the USA, but there are also trans-oceanic cables and satellite connections to and from Europe to the USA. Thus a transmission will almost always get through even if links are down - the routers will route around the downed links. The resilience of the Internet was harrowingly demonstrated on 11 September 2001. After the aircraft hit the World Trade Center, all conventional telephone services were lost. However, IP telephones were able to route around the downed links.

Arriving at the destination

Eventually the packet will approach the University of Sunderland and will arrive at its router. When it arrives, it will be immediately subjected to a firewall. If it is bound for an open door, it will be allowed. If not, it will simply be destroyed. Once through the door, it will be inspected by the firewall to determine if it is the sort of packet that should be allowed through. Providing it is, it is passed on to the university LAN (encapsulated in an Ethernet frame). After the firewall, a router will examine the network element of the IP address and forward the packet to the appropriate network. Once it arrives on the appropriate network, the router on that network will either know the MAC address of osiris or it will ARP to get it. Once it has the MAC address of osiris, it will forward the IP packet (inside an Ethernet frame) to osiris. Osiris will open the packet and examine the contents - a request for a web page. Osiris will then build its reply with the addresses swapped round (i.e. putting the address of the Glamorgan machine as the destination and its own address as the source).

The return journey

If the contents of the web page are too large to fit into one packet, the server will split them across several packets, each carrying the same addressing. It fills each packet with its share of the contents and sends them back: to the default gateway, to the university proxy server, through the firewall and on to the Internet. Once a packet arrives at the University of Glamorgan, it will be subjected to the firewall and will then pass on to the university LAN. It will pass on to the proxy server (inside an Ethernet frame because it's on a LAN), which will check its contents. If the proxy allows the packet through, it will take a copy of it so that future requests for that web page can be satisfied from it rather than having to go on to the Internet. It will then be passed to the router to be delivered to the machine.

As the router knows the MAC address of this machine, it encapsulates the data inside a frame and sends it to the machine. The machine strips off the Ethernet and IP headers, extracts the data and displays it. All this happens in the 'blink of an eye'.

Summary

In this discussion of the Internet and of how networks (in this case Ethernet) handle the movement of traffic to and from the Internet, only the most important device - the router - has been highlighted. Typically, however, Ethernet frames would pass through a host of Ethernet networking devices, including switches and hubs.

Packets containing web page requests travel far - across Ethernet networks and the Internet and through many, varied devices.


Quick test ■ 

Briefly outline how a request for a web page generates both Ethernet frames and IP 
packets and how these result in the web page being retrieved and displayed. 


Section 3: End of chapter assessment 


Questions ■ 

1. Identify the most common ways of connecting a home PC to the Internet. Briefly 
discuss each, highlighting their advantages and disadvantages. ImH 


2. Briefly outline how a request for a web page makes its way to the Internet. 


Answers ■ 

1. To answer this question, you need to list the most popular connections from the home to the Internet (i.e. modem access, DSL, cable and ISDN). For each of these connections, you need to discuss the features of the connection type - for example, always on, the equipment needed for the connection and the advantages and disadvantages. For instance, ADSL is asymmetric, which makes it ideal for connecting from the home: it has a faster downstream connection than upstream; there are no call costs; and it is faster than a conventional (modem) connection. You should also discuss the disadvantages - for example, it has a slower upload speed than download and, although still faster than a modem connection, it may not be suitable for all teleworking.

2. As you couldn't possibly discuss all that is covered in this chapter in an exam question, this question is only concerned with how a request for a web page makes its way from the PC to the Internet. In practice, networks are most likely to be Ethernet, and so you should state this before you start. The best place to start is a discussion of the network settings on a PC and what they mean and do. From this you can expand your answer to discuss how the PC decides whether or not the web server is on the same network as the PC. Assuming it is will cut out most of your answer to the question and a good part of your marks! Therefore assume it's not and show the role of the default gateway, default gateways set on the router, the proxy server and the firewall.








Section 4: Further reading and research

Cisco Networking Academy Program (2001) First Year Companion Guide (2nd edn). Cisco Press. ISBN: 1 58713 025 4. Chapter 30.

... (2003) PC Support Handbook. Dumbreck Publishing. ISBN: 0 95417 111 X. Data ... chapter.
Chapter 12

Network security

Chapter summary

Information security is often as paramount for organisations as it is for the .... Companies have commercially-sensitive information as well as having obligations under legislation such as the Data Protection Act and the European Data Directive. Before the widespread use of computers, information security was provided by rugged filing cabinets, perhaps a security guard and usually a personnel screening system. The aim was simple - to limit access to sensitive information.

Before the widespread use of computers, it was relatively easy to spot someone stealing information - long periods spent at the photocopier and carrying large boxes of paper out of the building!

With the widespread use of computers it is much easier - by using a DAT cartridge it is possible to steal 72 GB of data on a cartridge small enough to fit into a .... To put 72 GB in context - the entire Encyclopaedia Britannica is around ... GB! With networking you don't even need physical access!

This chapter guides you through the basics of network security, identifying the tools available, likely sources and the need for a co-ordinated plan. You must remember that network security is a huge subject and only a basic guide can be given - if in doubt, seek specialist help.

Learning outcomes 

After studying this chapter you should aim to test your achievement of the following 

outcomes. You should be able to: ■ 

Outcome 1: Security 

Understand the need for network and system security and be able to evaluate 
security, devise, implement and monitor security policies. Question 1 at the end of 
this chapter will test your ability to do this. fll 

Outcome 2: Security technologies 

Understand the security technologies available and their place in a secure system. 
Question 2 at the end of this chapter will test your ability to do this 

How will you be assessed on this? 

This chapter is mainly theory and it is highly unlikely that your academic institution will have the time or the skills to have you implement security. As such, it is likely to be assessed as theory, perhaps asking you to draft a security plan as part of an assignment or discuss security technologies in an exam.


Section 1: Security

To be effective, security must be a planned and co-ordinated effort based upon a risk assessment (see Chapter 10), with various tools and techniques being brought together in a co-ordinated fashion to help secure the organisation.

It is very important to realise that threats change on an almost daily basis and that you must constantly monitor your security policy and devices, make improvements and test those improvements to ensure the best possible protection.


Introduction

Network security is a major topic in computing and not without reason. Most organisations are critically dependent upon their information, of which the only copy is almost certainly held on computer. Theft or fraud involving that information is serious, but even more serious is the organisation being denied access to its own information. Known as a denial of service attack, this may be as simple as someone accessing the main server system and changing all of the passwords.

In the main, the threats to a computer system are:

misuse of the computer system;
attacks on the network;
computer viruses;
disaster;
data loss;
theft of hardware.

To be effective, security must be a policy-based approach. The policy can then be 
implemented using a variety of techniques such as manual procedures, limiting end- 
user access, firewalls, routers and leased communication lines. This section briefly 
explores the main issues of network security and provides suggestions on countering 

these. 

The most important piece of advice that can be given to protect the organisation is to take regular backups of the system, to try out these backups, ensuring they work, and to store the backup tapes off site in a fireproof safe. Whilst this will in no way help prevent attacks on the computer system, it will provide the organisation with a way to recover if anything should happen (see Chapter 10). In the case of the last three items on the list, if you don't have backups you will probably never recover, and the chances of your organisation continuing (let alone continuing unharmed) are not in your favour.

Misuse of the computer system 

^the main, the problem of computer security is hard to quantify - many organisations 
that have fallen victim prefer to cover up the problem, as public exposure will cause 
even more damage. Consider a bank losing £2 million through poor computer security 
-would you be happy banking with them? 

com° U ^ surveys have indicated that as much as 2/3 of all computer misuse is actually 
creT lttec * ^ em Pioyees of the organisation. Common sources of misuse include 
tW mg ^ anc * P^g) bogus employees, creating dummy purchase orders and paying 
t Q J Ces ' etc Little technical ingenuity but plenty of scope for fraud. Policies need 
S€ p ar ln p * ace which makes it more difficult for such activities to take place. Physical 
th e j J* l0n duties make it more difficult. For example the same person shouldn't pay 
Payroll— 5 a$ create d the purchase order, similarly before creating an employee on the 

Si 

usin 


system, a request must be received from Personnel. 

— J *^ es nee d to be educated not to share their user IDs and passwords. Someone 
fraud m°L Ur ID or P asswor d is effectively you to all audit trails on the system. Should some 
Si 6 ^ ace ' ' s y° u that will be accused. 

n°t $ha r ee i exce eding their level of security is also a problem. Assuming passwords 
c o „ r then the best wav to tackle this possibility is to configure the user interf. 


are 
interface. 


J 6XArv> veil way iu iolmc hid id iaj myuic uic udci ii uei iolc. 

treated (^ e ' ^ t * 1e user 's duties are only paying invoices, then menu systems should be 
for the 566 Chapter 9) that only offers this option. In this way, it becomes very difficult 
Ser to exceed their level of authority. 
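The separation-of-duties controls just described can also be audited after the fact from the system's logs. The following is an added example, not from the book: it walks a constructed transaction log and flags a purchase order paid by the person who raised it, an invoice paid against an order nobody raised, and a payroll entry created without a preceding request from Personnel.

```python
"""Separation-of-duties audit over a constructed transaction log (added example,
not from the textbook). Flags purchase orders paid by the person who raised them,
payments against orders that were never raised, and payroll entries created
without a prior request from Personnel."""


def sod_violations(events: list) -> list:
    """events: dicts in time order (constructed). Returns human-readable findings."""
    po_creator = {}             # PO number -> user who raised it
    personnel_requests = set()  # employee ids Personnel has asked to be created
    findings = []
    for e in events:
        kind = e["type"]
        if kind == "po_created":
            po_creator[e["po"]] = e["user"]
        elif kind == "invoice_paid":
            creator = po_creator.get(e["po"])
            if creator is None:
                findings.append(f"{e['po']} paid by {e['user']} but never raised")
            elif creator == e["user"]:
                findings.append(f"{e['po']} raised and paid by the same user ({e['user']})")
        elif kind == "personnel_request":
            personnel_requests.add(e["employee"])
        elif kind == "payroll_created":
            if e["employee"] not in personnel_requests:
                findings.append(
                    f"payroll entry {e['employee']} created by {e['user']} without a Personnel request")
    return findings


SAMPLE_LOG = [   # constructed for the demonstration
    {"type": "po_created", "po": "PO-1001", "user": "alice"},
    {"type": "invoice_paid", "po": "PO-1001", "user": "bob"},         # fine: two people
    {"type": "po_created", "po": "PO-1002", "user": "carol"},
    {"type": "invoice_paid", "po": "PO-1002", "user": "carol"},       # same person: flag
    {"type": "invoice_paid", "po": "PO-9999", "user": "dave"},        # no such order: flag
    {"type": "personnel_request", "employee": "E-77"},
    {"type": "payroll_created", "employee": "E-77", "user": "erin"},  # fine: Personnel asked
    {"type": "payroll_created", "employee": "E-78", "user": "erin"},  # bogus employee: flag
]

if __name__ == "__main__":
    for finding in sod_violations(SAMPLE_LOG):
        print(finding)
```

An audit like this is only as good as the 'user' field it relies on, which is the point the text makes about shared passwords: if two clerks share a login, the check cannot tell that one person both raised and paid the order.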
Attacks on the network

Surveys by the Computer Security Institute (CSI) found that 70% of organisations said 
their network security defences had been breached. And that 60% of the incidents came 
from within the organisation. Again, the internal threat is greater than the external 
threat. 

Four types of network threat can be identified: 

• unstructured threats; 

• structured threats; 

• external threats; 

• internal threats. 

Unstructured threats are mainly from inexperienced individuals using tools they have downloaded from the Internet. Whilst they aren't that technically competent, they have some sort of intent or they wouldn't be 'having a go'. The fact that they are is a problem.

Structured threats are from seasoned hackers who are competent and motivated. They have an understanding of networking and more sophisticated tools.

External threats are as you would expect - from outside the organisation, securing access through dial-up connections or the Internet.

Internal threats are when someone has authorised access to the network or physical access to the networking devices.

Physical security of devices and major cabling is paramount - if someone can physically access your devices, then they can probably defeat the passwords (most equipment provides for password recovery from physical access, usually via the console port). Similarly, if they have access to major cabling, simply cutting it will cause a great deal of harm.

Types of attack 

Network attacks can be broadly categorised into three: 

• reconnaissance attacks; 

• access attacks; 

• denial of Service (DoS) attacks. 

Reconnaissance attacks 

Reconnaissance attacks are akin to a burglar checking out a neighbourhood - looking 
for unlocked doors, half open windows, etc. They don't intend to carry out a burglary 
immediately, but are looking for weaknesses. Networks have similar weaknesses - they 
are looking for folders you may have made sharable in windows and forgotten to close, 
exposed UNIX directories, etc. Hackers will make a note of these weaknesses and come 
back to exploit them when fewer people are looking. 

Access attacks 

Access is a broad term referring to unauthorised data manipulation, systems access or 
privilege escalation. Data manipulation is viewing information that the intruder wasn't 
meant to have access to (this could include copying or moving the information). In order 
to carry this out, the intruder needs to gain access and, quite often, seasoned hackers 
will use tools to achieve access. In the same way as a burglar uses lock picks, hackers 
use either password crackers or other utilities, which either exploit a weakness in the 
system, or simply brute force (tirade of passwords) to gain access. 

Access attacks that involve privilege escalation are ones in which legitimate users (or 
hackers who have succeeded in getting low-level access to the system) attempt to 
gain higher-level access. This can involve running some kind of software - perhaps a 
password-sniffing tool to identify passwords being sent across the network. Shared 
machines at universities and colleges are particularly prone to this kind of attack so 
beware! 

Denial of Service (DoS) 

Denial of Service (DoS) attacks are one of the most feared forms of attack. Here the 
intruder wants to deny an organisation access to its own network or services. In doing 
so, that organisation is prevented from functioning - the longer it can be prevented 
from functioning, the less likely it is that the organisation will recover. 



There are many threats to the network system - the majority coming from within 
the organisation. You need to be aware of these threats and be vigilant. 


Elements of good practice 

It is important that network security is viewed as a continuous process - new threats 
emerge daily and you must test to determine the effectiveness of your security. It should 
be based around a security policy. Figure 12.1 shows the four essential steps in network 
security. 

[Figure 12.1: a wheel of four repeating steps - secure, monitor, test, improve] 

Figure 12.1: Major processes in network security (the security wheel) 


In the first instance, an organisation needs to identify security objectives and resources 
to be protected. By using network maps, an effective security policy can be devised. 

This policy can then be implemented (the secure part of Figure 12.1) using security 
devices such as firewalls, access control lists on a router, encryption and authentication 
devices (see Section 2). 


Once the security policy has been implemented, the network needs to be monitored for 
access breaches or attacks. There are commercial pieces of software available to help 
you do this such as the Cisco Secure Intrusion Detection System. Such software will help 
you determine whether the network devices have been configured properly. 

You will need to test the effectiveness of the safeguards you have put in place against 
the security procedures that you devised. You may have developed the best security 
policy in the world but, unless you test it, you will never know whether it is working. 
Again, software is available to help you do this, e.g. Cisco's Security Scanner. 

Finally, you will need to continually improve the security. You can only do this by 
collecting and analysing information that has been gathered from the monitoring and 
testing phases. Don't forget, new vulnerabilities appear every day. You should treat 
security as a continuous process, with all four steps being repeated and resulting in 
amendments to the security policy. 



Computer security is a continuous process of secure-monitor-test-improve and 
cannot be viewed as a single operation. 









Section 2: Security technologies 


how to deploy them as part of the overall security strategy. 

Introduction 


This chapter briefly discusses the major technologies available to help make 
organisations more secure. These are: 

• physical disconnection; 

• user accounts; 

• NAT/PAT; 

• firewalls; 

• access control lists on a router (internal, upper and lower half of IP address range); 

• DHCP from AAA; 

• AAA security. 

Physical disconnection 

It is often said that the most secure computer system is one that has no network 
connection (a machine that is connected to the network is a potential security risk). 
Questions worth asking include: 

• Does this machine need access to the whole network, for example should a student's 
PC in a college have access to the finance server? 

• Do all employees need access to all data or can it be limited? 

• Do we need to host our web pages? If they are only static, then you can reduce your 
risk by having them held on a third party server. 

• Does everyone need access to the Internet or can they be given access to a restricted 
set of websites/web pages? 

By answering these and similar questions you are able to determine more about the 
security requirements of the organisation (see also Chapter 10, Risk assessment). 

User accounts 

User accounts are sometimes overlooked as a security technology, but they form an 
essential part of your overall security policy. If two users share an account and fraud is 
detected from that account, how do you know who committed the fraud? 

User accounts depend on education. You need to make sure that everyone understands 
the need to have and use their own account and to keep the user ID and password 
secure. 

Accounts also provide the ability to tailor access to information. For example, a clerical 
assistant in a hospital may be allowed to see names and addresses of patients, but 
should they be allowed to see detailed medical records for that patient? Only by having 
everyone use their own accounts can the level of access be controlled. 


Access control lists on a router 

Access Control Lists (ACLs) on a router are a means by which traffic can be controlled 
based upon IP addresses. Traffic can be filtered on source address, destination address 
and port, giving network managers the ability to prevent unauthorised traffic from 
reaching a network. Figure 12.2 shows a college whose student machines have the 
IP address range 192.168.1.x and whose finance machines have the IP address range 
192.168.2.x. Normally traffic from the 192.168.1.x network will be allowed to flow 
through the router and to reach the 192.168.2.x network which contains the finance 
server. Placing an access control list on router A preventing access to the 192.168.2.x 
network from the 192.168.1.x network will prevent the students from ever being able to 
reach the finance network. Better still would be to prevent all other networks from 
accessing the 192.168.2.x LAN. 



[Figure 12.2: Student Network (192.168.1.x) and Finance Network (192.168.2.x) joined by Router A] 

Figure 12.2: A sample college LAN 


An access control list (ACL) is usually placed on an interface. It is preferable to place ACLs 
as close to the source as possible to prevent traffic traversing the backbone only to be 
dropped when it reaches the destination. It is important to realise that an ACL drops 
the packet; there is simply no reply which gives an element of stealth to the protected 
network. 
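The following is an added example, not code from the book or from any router vendor: a small Python model of a stateless router ACL evaluated top to bottom with the implicit deny at the end. It encodes the Figure 12.2 college (students on 192.168.1.x, finance on 192.168.2.x, Router A between them) and shows three of the points above: placing the list close to the source, the silent drop with no reply, and why rule order matters. The packets, the 10.0.0.5 administrator host and the 203.0.113.8 web address are constructed for the example and are not part of the page.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """The fields a stateless router ACL can look at."""
    src: str                      # source IP address
    dst: str                      # destination IP address
    proto: str = "tcp"            # "tcp", "udp" or "icmp"
    dport: Optional[int] = None   # destination port, if any


@dataclass(frozen=True)
class Rule:
    """One ACL entry: the first matching rule decides the packet's fate."""
    action: str                   # "permit" or "deny"
    src: str                      # CIDR prefix; "0.0.0.0/0" means any source
    dst: str                      # CIDR prefix; "0.0.0.0/0" means any destination
    proto: str = "any"
    dport: Optional[int] = None   # None matches every port

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """Walk the list top to bottom; a packet matching no rule hits the
    implicit deny that ends every ACL."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def forward(acl: List[Rule], pkt: Packet) -> Optional[Packet]:
    """Apply the ACL on an interface. A denied packet is dropped silently:
    the caller gets None and no reply of any kind is generated, which is
    the element of stealth the text mentions."""
    return pkt if evaluate(acl, pkt) == "permit" else None


# ACL applied inbound on Router A's interface facing the student LAN
# (Figure 12.2), i.e. as close to the source as possible, so denied
# traffic never crosses the backbone. Order matters: the deny must come
# before the broad permit or it is never reached.
STUDENT_INBOUND = [
    Rule("deny", "192.168.1.0/24", "192.168.2.0/24"),
    Rule("permit", "192.168.1.0/24", "0.0.0.0/0"),
]

# "Better still": an ACL guarding the finance LAN from every network,
# applied outbound on Router A's finance-facing interface. The single
# permitted source, 10.0.0.5, is an assumed administrator host that is
# not in the page's figure; everything else falls to the implicit deny.
FINANCE_OUTBOUND = [
    Rule("permit", "10.0.0.5/32", "192.168.2.0/24", "tcp", 22),
]


def demo() -> dict:
    """Constructed sample packets (not from the page) run through both ACLs."""
    student_to_finance = Packet("192.168.1.10", "192.168.2.5", "tcp", 445)
    student_to_web = Packet("192.168.1.10", "203.0.113.8", "tcp", 80)
    other_lan_to_finance = Packet("192.168.3.7", "192.168.2.5", "tcp", 445)
    admin_to_finance = Packet("10.0.0.5", "192.168.2.5", "tcp", 22)
    return {
        "student_to_finance": evaluate(STUDENT_INBOUND, student_to_finance),
        "student_to_web": evaluate(STUDENT_INBOUND, student_to_web),
        # same packet with the rules in the wrong order: the permit shadows the deny
        "misordered": evaluate(list(reversed(STUDENT_INBOUND)), student_to_finance),
        "other_lan_to_finance": evaluate(FINANCE_OUTBOUND, other_lan_to_finance),
        "admin_to_finance": evaluate(FINANCE_OUTBOUND, admin_to_finance),
        "dropped_silently": forward(STUDENT_INBOUND, student_to_finance) is None,
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:>22}: {verdict}")
```

The `misordered` entry is the check worth keeping in mind when writing real ACLs: with the broad permit first, the student-to-finance packet is accepted and the deny line is dead code.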


VLANs 

Whilst the ACL example above prevents unauthorised access to the finance network, it 
relies on all of the finance department being located in one physical space with only one 
network serving it. Most modern organisations don't work on this model and instead 
have functions such as finance distributed across the entire organisation. For example, 
at the University of Sunderland, finance staff work in each school and most buildings. 
The above example wouldn't support this operation. Instead, a VLAN model is required 
(see Chapter 1), which supports Virtual Local Area Networks across an organisation. 
Figure 12.3 shows the same college whose personnel, finance and student groups are 
spread across many buildings but using VLANs to keep the networks private. The router 
provides the ability for the VLANs to communicate with each other, but should have 
ACLs configured to prevent unauthorised access. 



Figure 12.3: Using VLANs and Inter VLAN routing to secure 
functional areas distributed across an organisation 


Network Address Translation (NAT)/Port Address 
Translation (PAT) 

NAT and PAT are key elements in network security and are used to separate internal 
and external addressing schemes, making it very difficult for a hacker on the outside to 
gain access to a computer on the inside. Figure 12.4 shows a typical deployment of NAT. 
The router sits between the organisation's internal network and the ISP. Computers on 
the inside of the network are using a private IP address range (as defined by RFC 1918). 
When a computer on the inside network wishes to communicate over the Internet, the 
router translates the internal private network IP address (192.168.1.1) to the external 
IP network address (157.228.1.1) - hence the term 'network address translation'. The 
packet originating from 192.168.1.1 cannot be routed over the Internet (as it is a private 
IP address) and has its source address replaced by that of the router before being placed 
on the Internet. The router keeps a table of internal and external mappings to use when 
a reply is received (Figure 12.5). 
[Figure 12.4: a router running NAT/PAT between the internal network (private address 
e.g. 192.168.1.x, host 192.168.1.1) and the external network (address provided by the 
ISP, e.g. 157.228.1.1)] 

Figure 12.4: A router using NAT/PAT connecting an internal and external network 


Inside IP address     Outside IP address 
192.168.1.1           157.228.1.1 

Figure 12.5: Sample IP address mapping 


When the reply is received, the router looks up the destination IP address in the map 
and translates it to the internal IP address before placing the packet on the internal 
network where it will be received by the machine that sent it. The translation can then 
be deleted from the map. 

In this simple example, only one IP address is used for translation. This gives the 
restriction that only one internal computer can use the Internet at any one point in time 
— requests will be queued. In reality this solution wouldn't work and so a pool of external 
IP addresses can be defined that will allow a number of computers to access the Internet, 
up to the maximum number of addresses in the pool. 

In the case of smaller organisations or even in the home, only one IP address may be 
allocated, preventing multiple computers from accessing the Internet at the same time. 
Another technique, Port Address Translation (PAT), is used to overcome this issue. 
PAT works in an identical fashion to NAT except that, in addition to the IP address, a 
port address is appended to the IP address. Port addresses are a normal part of an IP 
address, for example when we make a web request the port number 80 is automatically 
appended to the destination IP address. With PAT we are using unused source port 
numbers and appending them to the outside IP address. The router then maps the IP 
address and the port numbers and, by using different port numbers for the different 
computers, it is able to allow multiple computers to share one IP address. Figure 12.6 
shows an example of this. 


Inside IP address     Outside IP address 
192.168.1.1           157.228.1.1:1024 
192.168.1.2           157.228.1.1:1025 

Figure 12.6: An example of PAT. Note two PCs now using the single IP address 

The above examples show NAT being used dynamically for outbound traffic only. 
However, there are instances where we want NAT to be applied to inbound traffic. 
Figure 12.7 shows a typical organisation with a web server. The web server needs to 
be accessible via a real IP address. In this case, one of the two IP addresses provided 
by the ISP is statically mapped using static NAT to the address of the web server (e.g. 
157.228.1.2), the remaining one being used for dynamic NAT. Thus, 157.228.1.2 is 
statically mapped to 192.168.2.1. Any inbound packets to 157.228.1.2 will be translated 
to 192.168.2.1. 157.228.1.1 will be used for dynamic NAT outbound. 
[Figure 12.7: a router running NAT/PAT joining three networks: the external network 
using an address pool provided by the ISP (e.g. 157.228.1.1 and 157.228.1.2); a 
De-militarised Zone using a private address e.g. 192.168.2.x containing the Internet 
server 192.168.2.1; and the internal network using a private address e.g. 192.168.1.x 
(host 192.168.1.1)] 

Figure 12.7: Typical deployment using static and dynamic NAT 

Static NAT provides a means by which the web server can be accessed from a real IP 
address whilst the internal LAN is still protected. Notice that the Internet server is on 
a less secure network than the internal network - the so called De-Militarised Zone 
(DMZ). 

NAT and PAT provide a means to hide your internal IP addresses and network and 
are usually the cornerstone of every security policy. 
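As an added example (not code from the book or from any router product), the simulation below models the translation table the text describes for Figures 12.4 to 12.7: dynamic NAT from a pool of outside addresses, with the second PC waiting until the single address is released; PAT on one shared address, handing out source ports 1024 and 1025 as in Figure 12.6; and static NAT that lets inbound traffic reach the DMZ web server while an unsolicited inbound packet to the dynamic address is dropped. Addresses match the page's figures; the packets, port numbers and the outside hosts 203.0.113.8 and 198.51.100.9 are constructed for the example. Timers and TCP state are deliberately left out.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


class NatRouter:
    """Translation table of the router in Figures 12.4-12.7, in three modes:
    dynamic NAT from a pool, PAT on one shared address, and static NAT for
    the DMZ server. release() stands in for an entry being aged out."""

    def __init__(self, pool: Tuple[str, ...] = (), pat_address: Optional[str] = None,
                 static: Optional[Dict[str, str]] = None) -> None:
        self.free: List[str] = list(pool)                    # unused pool addresses
        self.pat_address = pat_address                       # shared address for PAT
        self.static_in: Dict[str, str] = dict(static or {})  # outside -> inside
        self.static_out = {v: k for k, v in self.static_in.items()}
        self.next_port = 1024                                # next unused PAT source port
        self.nat: Dict[str, str] = {}                        # inside addr -> outside addr
        self.pat: Dict[Tuple[str, int], Tuple[str, int]] = {}      # (out addr, port) -> (in addr, port)
        self.pat_rev: Dict[Tuple[str, int], Tuple[str, int]] = {}  # the reverse of the above

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Inside -> Internet: replace the private source address. Returns None
        when dynamic NAT has no free address, i.e. the request must queue."""
        if pkt.src in self.static_out:
            return Packet(self.static_out[pkt.src], pkt.dst, pkt.sport, pkt.dport)
        if self.pat_address is not None:
            key = (pkt.src, pkt.sport)
            if key not in self.pat_rev:
                self.pat_rev[key] = (self.pat_address, self.next_port)
                self.pat[self.pat_rev[key]] = key
                self.next_port += 1
            out_addr, out_port = self.pat_rev[key]
            return Packet(out_addr, pkt.dst, out_port, pkt.dport)
        if pkt.src not in self.nat:
            if not self.free:
                return None
            self.nat[pkt.src] = self.free.pop(0)
        return Packet(self.nat[pkt.src], pkt.dst, pkt.sport, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> inside: only a static mapping or an existing table entry
        lets a packet through; anything else is dropped, which is what hides
        the internal network from the outside."""
        if pkt.dst in self.static_in:
            return Packet(pkt.src, self.static_in[pkt.dst], pkt.sport, pkt.dport)
        if (pkt.dst, pkt.dport) in self.pat:
            in_addr, in_port = self.pat[(pkt.dst, pkt.dport)]
            return Packet(pkt.src, in_addr, pkt.sport, in_port)
        for inside, outside in self.nat.items():
            if outside == pkt.dst:
                return Packet(pkt.src, inside, pkt.sport, pkt.dport)
        return None

    def release(self, inside_addr: str) -> None:
        """Delete a dynamic NAT entry once the exchange is over so the outside
        address returns to the pool."""
        outside = self.nat.pop(inside_addr, None)
        if outside is not None:
            self.free.append(outside)


def demo() -> dict:
    """Constructed packets (not from the page) through the three modes."""
    out = {}
    # Dynamic NAT with the single address of Figure 12.4: one PC at a time.
    nat = NatRouter(pool=("157.228.1.1",))
    first = nat.outbound(Packet("192.168.1.1", "203.0.113.8", 3000, 80))
    out["nat_first_src"] = first.src
    out["nat_second_waits"] = nat.outbound(Packet("192.168.1.2", "203.0.113.8", 3001, 80)) is None
    out["nat_reply_dst"] = nat.inbound(Packet("203.0.113.8", "157.228.1.1", 80, 3000)).dst
    nat.release("192.168.1.1")
    out["nat_second_after_release"] = nat.outbound(Packet("192.168.1.2", "203.0.113.8", 3001, 80)).src
    # PAT (Figure 12.6): two PCs share 157.228.1.1 on ports 1024 and 1025.
    pat = NatRouter(pat_address="157.228.1.1")
    a = pat.outbound(Packet("192.168.1.1", "203.0.113.8", 3000, 80))
    b = pat.outbound(Packet("192.168.1.2", "203.0.113.8", 3000, 80))
    out["pat_ports"] = (a.sport, b.sport)
    out["pat_reply_dst"] = pat.inbound(Packet("203.0.113.8", "157.228.1.1", 80, 1025)).dst
    # Static NAT (Figure 12.7): the DMZ web server is reachable, the LAN is not.
    dmz = NatRouter(pool=("157.228.1.1",), static={"157.228.1.2": "192.168.2.1"})
    out["static_web_dst"] = dmz.inbound(Packet("198.51.100.9", "157.228.1.2", 40000, 80)).dst
    out["unsolicited_dropped"] = dmz.inbound(Packet("198.51.100.9", "157.228.1.1", 40000, 80)) is None
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>26}: {value}")
```

The last two results are the security point of the section: the statically mapped DMZ address is the only one an outsider can reach by design, and the dynamic address gives nothing away until an inside host has created an entry.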


Firewall 

There are generally three types of firewall available: 

• hardware; 

• software; 

• specialist security appliance. 

They are generally placed at the network entrance to an organisation and are often either 
built into the border router itself (the so-called 'hardened router') or are a specialist 
security appliance (e.g. Cisco PIX range), which connects the internal and the external 
networks, or are software on a computer. The function of a firewall is to examine packets 
(both sourced from internal and external addresses) and to apply pre-configured security 
policies to them. Usually the main function is to prevent hackers and harmful data from 
entering the organisation, although they can be configured to examine packet contents 
and prevent sensitive data leaving an organisation or prevent access to websites/traffic 
that don't meet the organisation's policy. 

Of the three categories, software firewalls are generally considered to be the weakest. 
This is because they run upon an operating system that itself could be compromised. 
Thus if you had the best software firewall in the world, it could be defeated by attacking 
the operating system it runs on top of. 

Hardware firewalls are much harder to defeat and are usually a router with an enhanced 
version of the router operating system. Whilst such devices are many times harder 

Figure 12.8: A properly-secured organisational LAN 

Network time servers 

In a secure network it is important that the clocks on all network devices are kept in 
sync. Any audit trails written to logging devices are much more useful if the time stamp 
is accurate, providing a means by which the network manager can correlate the audit 
trail to specific events. Network Time Servers (NTSs) use the Network Time Protocol 
(NTP) and are used to synchronise the times on all network devices; the synchronisation 
usually comes from a satellite using an atomic clock (Figure 12.9). 
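An added example (not from the book) of why the paragraph above matters to a network manager reading audit trails. Two constructed log lines record the same refused connection, one from a router whose clock is 5 minutes 2 seconds fast because it is not synchronised, one from a server that is. Correlating on raw timestamps finds nothing; once the router's measured offset is removed (the job NTP does continuously), the two entries line up. The log format, host names, addresses and offsets are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed log lines (not from the page). Both devices saw the same
# blocked connection, but routerA's clock is 5 min 2 s fast.
ROUTER_LOG = [
    "2004-03-01 09:05:12 routerA: list 101 denied tcp 192.168.1.10 -> 192.168.2.5(445)",
    "2004-03-01 09:20:40 routerA: interface FastEthernet0/1 changed state to up",
]
SERVER_LOG = [
    "2004-03-01 09:00:10 finance-srv: connection attempt from 192.168.1.10 refused",
    "2004-03-01 09:30:00 finance-srv: nightly backup started",
]

# Offset of each device clock from the NTP reference (device time minus
# true time), as measured before the device was pointed at the time server.
CLOCK_OFFSET: Dict[str, timedelta] = {
    "routerA": timedelta(minutes=5, seconds=2),
    "finance-srv": timedelta(0),
}


@dataclass(frozen=True)
class Event:
    when: datetime
    host: str
    message: str


def parse(line: str) -> Event:
    """Parse 'YYYY-MM-DD HH:MM:SS host: message' (the constructed format above)."""
    date, clock, host, message = line.split(" ", 3)
    return Event(datetime.fromisoformat(f"{date} {clock}"), host.rstrip(":"), message)


def normalise(events: List[Event], offsets: Dict[str, timedelta]) -> List[Event]:
    """Rewrite each timestamp onto the reference clock by removing the
    device's measured offset. With NTP in place this step is unnecessary,
    because every device already writes reference time."""
    return [Event(e.when - offsets.get(e.host, timedelta(0)), e.host, e.message)
            for e in events]


def correlate(events: List[Event],
              window: timedelta = timedelta(seconds=5)) -> List[Tuple[Event, Event]]:
    """Pair up entries from different devices that fall within the window."""
    ordered = sorted(events, key=lambda e: e.when)
    pairs = []
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.when - a.when > window:
                break          # sorted, so nothing later can be closer
            if a.host != b.host:
                pairs.append((a, b))
    return pairs


def demo() -> dict:
    events = [parse(line) for line in ROUTER_LOG + SERVER_LOG]
    raw = correlate(events)
    fixed = correlate(normalise(events, CLOCK_OFFSET))
    return {
        "pairs_with_skewed_clocks": len(raw),
        "pairs_after_correction": len(fixed),
        "matched_hosts": sorted({e.host for pair in fixed for e in pair}),
    }


if __name__ == "__main__":
    print(demo())
```

The five-second window is an arbitrary choice for the example; the point is that a few minutes of skew is enough to hide a relationship that is obvious once every device writes the same time.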
[Figure 12.9: a network time server synchronising devices on the outside network and 
the inside network, down to the PC] 

Figure 12.9: Typical NTS usage (image courtesy of Cisco Systems Inc.) 
Networking is critical to most organisations and security is crucial to networking. 
Treat security seriously! 






Section 3: End of chapter assessment 

These questions relate to the assessment targets set at the beginning of this chapter. 
If you can answer them effectively you are in a good position to achieve good credit in 
assessments or examinations. 

1. Outline the need for network security and discuss elements of good practice. 

2. Name the major security technologies and for each briefly discuss its operation and 
detail how it increases security. 


Answers 


1. 


As you are aware, computer security is of paramount importance and is cause for 
concern for most organisations. In answering this question, you need to highlight 
the critical importance of computer security, which may be helped by making 
comparisons to a paper-based method. 

You should briefly mention the possible threats to a computer-based system before 
going on to outline the elements of good practice. Don't forget that new threats appear 
almost daily. 

2. For each technology you should discuss how it provides network security and give 
examples of where the technology might be used. Remember that if the technologies are 
deployed piecemeal it is likely to compromise their effect. 


Section 4: Further reading and research 

Cisco Networking Academy Program (2003), CCNA 3 and 4 Companion Guide (3rd edn). 
Cisco Press. ISBN: 1 58713 113 7. Chapters 11 and 16. 


www.freeradius.org 

www.gnu.org/software/radius/radius.html 


Glossary 

ACL Access Control List. 

ADSL Asymmetric Digital Subscriber Line. 

AP Access Point (wireless). 

ARP Address Resolution Protocol. 

ASCII American Standard Code for Information Interchange. 

baud The number of signal variations per second on a line. Not the same as bps, since some 
systems encode multiple bits on a signal variation. 

bit Binary digit - the basic level at which computers operate. 

bps Bits per second - a measure of throughput usually related to networks. The number 
of bits per second that can be/are transferred. 

Broadcast storm - this is an excessive transmission of broadcast packets in a network 
which can cause serious network performance issues. 

Cat 3 Category 3 twisted pair cabling. 

Cat 5 Category 5 twisted pair cabling. 

CRC Cyclic Redundancy Check - an error-detection mechanism in which a check value 
computed from the data is transmitted with it as a number. 

EISA Extended Industry Standard Architecture - a popular architecture used in 
IBM-compatible PCs. 

Flow control - a mechanism that stops a fast sender from overwhelming slower 
devices on the network. 

FTP File Transfer Protocol - used to send files across a computer network. 

Gbps Gigabits per second (1000 Mbps). 

GE Gigabit Ethernet. 

Horizontal cabling - cabling from IDF/MDF to desktop. 

HTTP HyperText Transfer Protocol - used to transfer web pages across a network. 

IDF Intermediate Distribution Facility - a point on the floor where network equipment 
is located. 

IP Internet Protocol - the networking protocol that is used on the Internet. 

ISA Industry Standard Architecture - the first internal PC architecture used by IBM- 
compatible PCs. 

Mb Megabits. 

MB Megabytes - different from megabits. 
Mbps Megabits per second - different from megabytes. Also written as Mbit/s. 

MLS or MPLS Multiprotocol Layer Switch 

MCA Micro Channel Architecture - an internal PC architecture developed by IBM for its 
PS/2 and RS6000 range of computers. 

MDF Main Distribution Facility - the first distribution facility in a building where 
networking equipment is located and wiring terminates. Usually houses POP. 

NAT Network Address Translation. 

NIC Network Interface Card. 

NOS Networked Operating System (e.g. Novell). 

Parity An error-detection mechanism - a bit is added to the end of a series of bits 
(usually a byte) to permit an error in the transmission to be detected. 

PAT Port Address Translation. 

PCI Peripheral Component Interconnect - an Intel-devised internal computer 
architecture that provides much greater speeds than either ISA or EISA. 

PCMCIA - the architecture used by laptops and other small devices - credit card-sized 
interface cards. 

POP Point-of-Presence-the actual location houses telecommunication and networking 
equipment. 

RSM Router Switch Module. 

Server farm - centralised location of all an organisations servers. 

SMTP Simple Mail Transfer Protocol - used by mail servers to exchange email. 

STP Shielded twisted pair cabling - more immune to interference than UTP. 

TCP Transmission Control Protocol - the transmission control method used on the 
Internet. 

10GE 10 Gigabit Ethernet. 

TFTP Trivial File Transfer Protocol - used for small files. Less reliable than FTP. 

URL Uniform Resource Locator - a web address (e.g. cisco.sunderland.ac.uk). 

USB Universal Serial Bus - a high-speed serial interface. 

USB2 - a faster version of USB. 

UTP Unshielded Twisted Pair cabling - widely used in modern installations. 

Vertical cabling see backbone (cabling) 

VLAN Virtual LAN - a protocol enabling a LAN to be divided into several virtual LANs. 
VoIP Voice Over Internet Protocol 

VPN Virtual Private Network - a protocol for establishing (virtual) private networks over 
the Internet. 

WAP Wireless Access Point. 

WiFi - same as WLAN. 

Wiring closet - see IDF 

Wireless bridge - using a wireless LAN to bridge two other LANs. 

WLAN Wireless Local Area Network - a wire-free networking solution. 
1000BaseT (or Gigabit Ethernet) 68 
1000BaseT switches 
1000BaseT 68 
100BaseFX 67 
100BaseT 66-67 
10Base2 64-65 

segments conforming to 5-4-3-2 rule 
84 

using repeaters 83 
10Base5 63-64 
10BaseT 65-66 

10 Gigabit Ethernet (10GE) 68 

3G 160-161 
80/20 design rule 94 

A 

access attacks 170 
access control list See ACL 

access methods 

ethernet networks 61-62 
FDDI 75 

Token Rings 72-73 

access permissions 122 

access to resources 103 
ACL 173,180 

adaptability 100 
addressing 47-48 
ADSL 158-159 

applications, installing Linux 132 

application layer, OSI seven-layer model 

application layer, TCP/IP model 56 

application layers 52-56 
OSI seven-layer model 52-56 

Arcnet 10 
asymmetric, defined 158 

Asynchronous Transfer Mode (ATM) 
76-77 

attacks, on the network 170 
attenuation 36 
availability 100 

backbone (cabling) 40,44,180 

backups 151 

considerations when undertaking 

150-151 

managing 147-151 
types 149 
verifying 147-148 
backup cycles 150 

baseband signalling 37 

baselining 145 
baud 180 


bit 180 

Bits per second See bps 
Bluetooth 16 

BNC See British Naval Connector 
bps 180 

bridges 87-88 

British Computer Society's Copyright 

Committee 31 

British Naval Connector 41,64 
broadband signalling 37 

broadband via satellite 160 
broadcast domain 81 

broadcast storm 92 
bus network 40 

cable modems 159 
Cambridge ring 10 
capacity and performance 29-30 
capacity limitations 29-30 

detection (CSMA/CD) 61 
Cat 3 180 

Cat 5 180 

CEF See Cisco Express Forwarding 

cellplexes 76 
cells, ATM 76 

Cisco Express Forwarding (CEF) 95-96 
Cisco Secure Intrusion Detection System 

171 

Class A licences 48 
Class B licences 48 
Class C licences 48 
CLI See command line interface 

client/server computing 11-17 

coaxial cable 41 
coaxial hubs 85 
coaxial repeater 84-85 

collisions, Ethernet networks 61 

collision detection 102 
collision domains 82 

command line interface (CLI) 135 

communications media 26 

compressed files, attributes for 1 
computer networking 
local area networks 10,15 
popular devices 79-98 
types of 10-14 

computer networks See also network 

design; See also network 
management; See also network 
operating systems; See also network 
resources; See also servers 
basics 34-38 


categories 14-21 
connecting to the outside world 
157-167 
defined 6 
early systems 6 
leased lines 8-10 
licensing issues 31-32 
local interactive terminals 7 
organisational dependence 6 
popularity of 28-29 
popular technologies 60-78 
remote access 7-8 
security implications 30-31 
standards 51-59 
topologies 38-45 
computer systems, misuse of 169 
concentration 86 
concentrators 86 
star networks 39 
concurrency, licensing issue 31 
connectors 
10Base5 64 
mesh network 43 
ring networks 42,43 
tree networks 41 
copper cables 26 
core layer, design structures 105 
cpio command 148 
crosstalk 36 

CSMA/CD See carrier sense multiple 
access with collision detection 
cyclic redundancy checks (CRCs) 38,180 

D 

D.25 serial connector 39 
data, encoding 35 
data link layer 54-55 
Data Protection Act 1984 30 
DAT cartridge 31 
De-Militarised Zone (DMZ) 176 
default .profile script 136 
default gateway 161,162,163-164,165 
denial of service (DoS) 171 
df command 145 
DHCP 130,161,172 
dial-up connection 157-158 
differential backups 149 
directories, setting up security 124 
directory permissions 124 
directory structures 121-122 
disaster recovery planning 151-155 
diskdrives 121 
disk filing, measuring 145 
disk usage, measuring 145 
distribution layer, design structures 104 
DMZ See De-Militarised Zone 
DNS See domain name server 
documentation, network design 105-106 
domain name server 162,180 
DoS See denial of service 
driver disks 27 
DSL technology 158 


du command 145 

Dynamic Host Configuration Protocol 
See DHCP 

E 

early computer systems 6 
early star networks 38-39 
EISA 180 

electromagnetic interference (EMI) 36 
electrostatic discharge (ESD) 37 
email 29 

EMI See electromagnetic interference 
encoding 35 

error detection/correction 38 
ESD See electrostatic discharge 
Ethernet networks 

bridging between Token Rings and 88 
frame formats 62 
method of access 61-62 
variants 62-63 
wireless LANs (WLANs) 68-71 
exceptional user management 144 
Extended Industry Standard Architecture 
See EISA 

external threats 152,170 
extranets 20 

F 

facts and figures, network design 103 
FAST See Federation Against Software 
Theft 

FDDI See Fibre-Distributed Data Interface 
FDM See frequency division multiplexing 
Federation Against Software Theft (FAST) 
31 

Fibre-Distributed Data Interface (FDDI) 
advantages/disadvantages 75-76 
method of access and operation 75 
fibre optic cabling 26,75,160 
file owners 122 
file sizes 107 

File Transfer Protocol See FTP 

filing systems 
security 122-125 
UNIX 121-122 
firewalls 164-165 
5-4-3-2 rule 83, 84 
flow control 180 
four-week backup cycle 150 

frame formats 
Ethernet networks 62 
Token Rings 73 
free token 72 

frequency division multiplexing (FDM) 

158,159 
FTP 180 

full backups 149 
full duplex circuits 36 
functionality 100 

G 

gateways 97-98 See also default 
gateway 

general packet radio service (GPRS) 161 

gigabit Ethernet 68 

GPRS See general packet radio service 

grandfather/father/son backup cycle 150 
graphical user interface 20,135 

groups 

adding, installing Linux 133 
creating, network management 
143-144 

filing system security 122 

H 

hackers 170,176 
half duplex circuits 36 
hardware 
Token Ring 73 

hidden files, attributes for 125 
horizontal cabling 180 

HTTP 180 


hubs 40,86-87 

10BaseT 65 

HyperText Transfer Protocol See HTTP 

IDF See Intermediate Distribution 
Facilities 

impulse noise 36 
incremental backups 149 
information security 30 
inherited rights 123-124 
installation process, Linux 127-132 

Intermediate Distribution Facilities 104, 

180 

intermodulation noise 36 
internal threats 170 
Internet 20 

connecting to 161-166 

connections 157-161 

default gateway 161-162,163,165 166 

proxy servers 164 
settings 161-162 

Internet layer,TCP/IP model 57 

intranets 18-19 
IP address 21,161-165 
IP number 180 
IP telephony 21 
ISA 180 

ISO (International Standards Organisation) 
46 


licence agreement, Linux post installation 
131 

licensing issues 31-32 
Linux 

adding users and groups 131 

installation process 127-132 
installing applications 132 

local area network (LAN) 15,21 See 

also Ethernet networks; See 
also Token Rings 
local interactive terminals 7 
logical addressing 47-48 
logical rings 42-43 
logical volumes 121-122 
login scripts 136-137 

lower layers, OSI seven-layer model 
54-55 

lpq command 140 
lprm command 140-142 

M 

mainframe computers 6 

Main Distribution Facilities 104,181 

manageability 100 

management See network management 

Mbps 181 

MCA (micro channel architecture) 181 

MDF See Main Distribution Facilities 

media access control unit (MAC) 47 

megabits (Mb) 17,30,37 

megabytes (MB) 17,30,37 

menu systems 137-139 

mesh network 43 

metropolitan area networks (MANs) 
15-16 


LAN See local area network 

language selection, Linux 128 

layer 4 switching 94-98 
leased lines 21-22 


micro-segmentation 89 

microfilters 158 

micro channel architecture See MCA 
mission critical 25 

MLS See multiprotocol layer switch 

mobile data connections 160-161 
MPLS See multiprotocol layer switch 

multi-port repeater 83 

multi-user operating systems 119-120 

multiprotocol layer switch (MPLS or MLS) 
94-98 

multistation access unit (MAU) 42,73, 
91-92 

multitasking 7 

NAT See network address translation 

networks topologies 38-45 
network access layer, TCP/IP model 57 

network address translation (NAT) 97, 
174-176,181 
network design 99-118 
capacity planning 99-103 
components 100-102 



INDEX 



goals 100 

methodology 103-106 
sample design 109-111 
Network Information Center 48 
network interface card (NICs) 25-27,66, 
69,80-81 

network layer, OSI seven-layer model 54 
network management 143-156 
backups 147-151 

creating users and groups 143-144 
estimating resource usage 145-147 
security 168-179 

network operating systems 126-142 
client/server architecture 12 
configuring the user environment 
135-138 

installing Linux and applications 
126-134 

multi-user operating systems 126-129 
printer setup and options 139-141 
network resources 25-27 
access to 103 

estimating resource usage 103-104 
network structures 
designing 104 
standard 104-105 

NIC See network interface card (NICs) 
non-break Ethernet connector 64 
non-pre-emptive systems 120 
normal user management 144 
NORthern Metropolitan Area Network 
(NORMAN) 15 

NOS See network operating systems 
Novell Netware 12 

O 

operating systems See network operating 
systems 

organisational servers 101 
OSI seven-layer model 46-47, 52-56 
comparison with TCP/IP 57-58 

P 

package installation, Linux 131 
packets 37-38 

arriving at the destination 165 
on to the Internet 165 
return journey 165-166 
Parity 181 
PCI 181 
PCMCIA 181 

peer-to-peer networking 12-14,119-120 

performance issues 29-30 

personal area networks (PANs) 16-17 

physical addressing 47 

physical layer, OSI seven-layer model 55 

point-of-presence 181 

point-to-point (PPP) serial link 157 

POP See point-of-presence 

port address translation (PAT) 174-176 

pre-emptive systems 120 

presentation layer, OSI seven-layer model 53 


printers 

attaching to servers 12 
printer maintenance commands 140-141 
printer queues, managing 140-141 
printer setup and options 139-141 
private wire connections 160 
protocols 46-47 
proxy servers 164 


R 

radiation 37 

radio frequency interference (RFI) 37 
reconnaissance attacks 170 
reliability 103 
remote access 7-8 
repeaters 82-85 

requirements analysis, network design 
103 


resources See network resources 

response time 103 

revised .profile script 137,139 

rights, filing systems 123-124 

ring network 41-43 See also Token Rings 

risk assessment 151,152,168 

RJ-45 connectors 42,43,45,65,66 

roaming machine (VPNs) 19 

root password, Linux 130 

routers 92-93 

Router Switch Module 181 

router switch module (RSM) 94-98 

RS232 serial lines 7 

RSM See Router Switch Module 


S 

satellite 159-160 
scalability 100 
scripts 136 
security 168-179 
filing systems 123-124 
network management 143-156 
peer-to-peer networking 119-120 
security policies 176 
security wheel 171 
segmentation 102 
segments 54 

connected by repeaters 83 
server 

role of 119-125 
VPN 19 
servers 

function and positioning of 101-102 
proxy 164 

session layer, OSI seven-layer model 54 
shells 136 

shielded twisted pair See STP 
signal 35 
signal ground 35 
signal problems 36-37 
signal reflection 37 
simplex circuits 36 

Simple Mail Transfer Protocol See SMTP 
single-server system 11-12 



Single technology bridges 88 
Sky Digital satellite system 159 

SMTP 181 

sneakernet 28 
SOHO gateway 97 
Spanning Tree 90 
for LANs 10 

OSI seven-layer model 46-47,52-56 
TCP/IP model 56-57 
standard design structures 104-105 

star networks 
early 38-39 
modern 44 

with logical ring 42-43 
static electricity 37 
STP 73,181 
STP cabling 43 
STP connector 43 
structured cabling 44-45 
structured threats 170 
subnetworking 163 
subnetworks 49 
subnet mask 161,162,163 
subnet masks 49 
superusers 122 
switches 89-90 
managed/unmanaged 90 
symmetric switches 90 

T 

taps, 10Base5 63 
tar command 148 
TCP 181 

TCP/IP model 56-57 
comparison with OSI seven-layer model 57-58 

technologies 38,45,60-78 

telephone lines 8 

terminating resistor 64 

TFTP See Trivial File Transfer Protocol 

thermal noise 36 

Third generation (3G) mobile networks 160-161 

threats, to networks 170 
three-layer design model 104-105 
three-layer model, design structure 104-105 
throughput 103 

time division multiplexor (TDM) 9 
tmp directory 146 
Token Rings 
access methods 73-74 
advantages/disadvantages 74 
bridging between Ethernet networks and 88 

connectors 42-43 
frame structure 73 
hardware 73 
topologies 38-45 
torch circuit 35 


transceiver units 80 
transmission control protocol/Internet protocol See TCP/IP 
transport layer 
OSI seven-layer model 54 

TCP/IP model 56 
tree networks 40-41 
Trivial File Transfer Protocol 181 
twisted pair cabling 44-45 See also STP cabling; UTP cabling 
two-layer design model 101,104-105 
two-layer model, design structure 104-105 
T piece 64 

U 

Uniform Resource Locator See URL 
UNIX, filing systems 121-122 
Unshielded Twisted Pair 181 
unstructured threats 170 
upper layers, OSI seven-layer model 53-54 
URL 181 
USB 181 
users 

adding, installing Linux 131,133 
creating, network management 143-144 

filing system security 122-124 
user environments 135-138 
user interfaces 136 
UTP 181 

UTP/coaxial converting repeater 84 
UTP cabling 26,44-45,85 
UTP hubs 85 
UTP repeater 84 

V 

VAN See vehicular area networks 

vehicular area networks (VANs) 15,17 
virtual local area networks (VLANs) 17-18,181 

virtual private networks (VPNs) 15,19,181 

VLAN See virtual local area networks 

voice over IP 21-22 

VoIP See voice over IP 

VPN See virtual private networks 
W 

WAN See wide area networks 
WAP See Wireless Access Point 
wide area networks (WANs) 16 
WiFi 181 

Wireless Access Point 181 
wireless LANs (WLANs) 68-71,181 
workgroups, management of 145 